Cracking DES

Secrets of Encryption Research, Wiretap Politics & Chip Design

How federal agencies subvert privacy

ELECTRONIC FRONTIER FOUNDATION


Digitized  by  the  Internet  Archive 
in  2013 


http://archive.org/details/crackingdessecreOOelec 



Cracking  DES:  Secrets  of  Encryption  Research,  Wiretap  Politics,  and  Chip  Design 

by  the  Electronic  Frontier  Foundation 

With  the  exceptions  noted,  this  book  and  all  of  its  contents  are  in  the  public  domain. 
Published  in  1998  by  the  Electronic  Frontier  Foundation.  Printed  in  the  United  States  of 
America.  No  rights  reserved.  Every  part  of  this  book,  except  as  noted  below,  may  be 
reproduced,  in  any  form  or  by  any  means,  without  permission  in  writing  from  the  publisher. 
Because  this  material  is  in  the  public  domain,  permission  to  reproduce,  use,  copy,  modify, 
and  distribute  this  material  for  any  purpose  and  without  fee  is  hereby  granted. 

The test-file, bootstrap, and bootstrap2 listings in Chapter 4 are Copyright © 1997 by Network
Associates, Inc. These listings may be reproduced in whole or in part without payment of
royalties. Chapter 10, Architectural Considerations for Cryptanalytic Hardware, is
Copyright © 1996 by the authors, Ian Goldberg and David Wagner. It may not be reproduced
without the permission of the authors, who can be reached at iang@cs.berkeley.edu and
daw@cs.berkeley.edu. Chapter 11, Efficient DES Key Search: An Update, is Copyright © 1997
by Entrust Technologies. It may be reproduced in whole or in part without payment of
royalties. Chapter 9, Breaking One Million DES Keys, is Copyright © 1986. Work done at the
University of Leuven, Belgium, and supported by the NFWO, Belgium. It may not be
reproduced without the permission of the author, who can be reached at desmedt@cs.uwm.edu.

Distributed  by  O'Reilly  &  Associates,  Inc.,  101  Morris  Street,  Sebastopol,  CA  95472. 

Printing  History: 

May  1998:  First  Edition. 


Many  of  the  designations  used  by  manufacturers  and  sellers  to  distinguish  their  products  are 
claimed  as  trademarks.  Where  those  designations  appear  in  this  book,  and  the  publisher  was 
aware  of  a  trademark  claim,  the  designations  have  been  printed  in  caps  or  initial  caps. 

While  many  precautions  have  been  taken  in  the  preparation  of  this  book,  the  publisher  and 
distributor  assume  no  responsibility  for  errors  or  omissions,  or  for  damages  resulting  from  the 
use  of  the  information  contained  herein. 


This  book  is  printed  on  acid-free  paper  with  85%  recycled  content,  15%  post-consumer  waste. 
O'Reilly  &  Associates  is  committed  to  using  paper  with  the  highest  recycled  content  available 
consistent  with  high  quality. 

ISBN:    1-56592-520-3  [9/98] 


Table of Contents

Foreword

Preface

1: Overview
    Politics of Decryption
    Goals
    History of DES Cracking
    EFF's DES Cracker Project
    Architecture
    Who Else Is Cracking DES?
    What To Do If You Depend On DES
    Conclusion

2: Design for DES Key Search Array
    On-Chip Registers
    Commands
    Search Unit Operation
    Sample Programming Descriptions
    Scalability and Performance
    Host Computer Software
    Glossary

3: Design for DES Key Search Array Chip-Level Specification
    ASIC Description
    Board description
    Read and Write Timing
    Addressing Registers
    All-active Signal
    ASIC Register Allocation

4: Scanning the Source Code
    The Politics of Cryptographic Source Code
    The Paper Publishing Exception
    Scanning
    Bootstrapping

5: Software Source Code

6: Chip Source Code

7: Chip Simulator Source Code

8: Hardware Board Schematics
    Board Schematics
    Sun-4/470 backplane modifications
    PC Interfaces
    Errata

9: Breaking One Million DES Keys by Yvo Desmedt
    Abstract
    Introduction
    The basic idea
    Details of such a machine
    Obtained results and remarks
    Conclusion
    Acknowledgement

10: Architectural Considerations for Cryptanalytic Hardware
    Abstract
    Introduction
    Motivation
    Related work
    Technical Approach
    Design and Analysis
    Future work
    Conclusions
    Acknowledgements
    Availability
    References

11: Efficient DES Key Search — An Update by Michael J. Wiener
    Advancing Technology
    Programmable Hardware
    Conclusion

12: Authors
    The Electronic Frontier Foundation
    John Gilmore
    Cryptography Research
    Paul Kocher
    Advanced Wireless Technologies


Foreword
by Whitfield Diffie


In 1974 the Stanford computer science community ate at Loui's.* As I sat eating
one evening in the fall, Butler Lampson approached me, and in the course of
inquiring what I was doing, remarked that the IBM Lucifer system was about to be
made a national standard. I hadn't known it, and it set me thinking.

My thoughts went as follows:

NSA doesn't want a strong cryptosystem as a national standard, because it
is afraid of not being able to read the messages.

On the other hand, if NSA endorses a weak cryptographic system and is
discovered, it will get a terrible black eye.

Hints that Butler was correct began to appear and I spent quite a lot of time
thinking about this problem over the next few months. It led me to think about
trapdoor cryptosystems and perhaps ultimately public-key cryptography.

When the Proposed Data Encryption Standard was released on the 17th of March
1975,† I thought I saw what they had done. The basic system might be ok, but the
keyspace was on the small side. It would be hard to search, but not impossible.
My first estimate was that a machine could be built for $650M that would break
DES in a week. I discussed the idea with Marty Hellman and he took it on with a
vengeance. Before we were through, the estimated cost had fallen to $20M and the
time had declined to a day.‡


* Louis Kao's Hsi-Nan restaurant in Town and Country Village, Palo Alto

† 40 Federal Register 12067

‡ Whitfield Diffie and Martin E. Hellman. Exhaustive cryptanalysis of the NBS data encryption
standard. Computer, 10(6):74-84, June 1977.


Our paper started a game in the cryptographic community and many papers on
searching through DES keys have since been written. About three years after the
publication of our paper, Robert Jueneman — then at Satellite Business Systems in
McLean, Virginia — wrote "The Data Encryption Standard vs. Exhaustive Search."*
This opus was substantially more optimistic about the chances for DES breaking. It
predicted that by 1985 a half-million dollar investment would get you a DES key
every hour and that by 1995, $10 million similarly spent would reduce that time to
two seconds, an estimate remarkably close to one made fifteen years later.

A decade later, Yvo Desmedt and Jean-Jacques Quisquater made two contributions,
one whimsical, one serious. Using a related "birthday problem" sort of approach,
they proposed a machine for attacking many cryptographic problems at a time.†
Their whimsical suggestion took advantage of the fact that the population of China
was about the square root of the size of the DES key space.‡

The year 1993 brought a watershed. Michael Wiener of Bell-Northern Research
(BNR) designed the most solid paper machine yet.§ It would not be too far off to
describe it as a Northern Telecom DMS100 telephone switch, specialized to
attacking DES. What made the paper noteworthy was that it used standard Northern
Telecom design techniques from the chips to the boards to the cabinets. It anticipated
an investment of under a million dollars for a machine that would recover a key
every three hours. A provocative aside was the observation that the required
budget could be hidden in a director's budget at BNR.

Finally, in 1996, an estimate was prepared by not one or two cryptographers but
by a group later, and not entirely sympathetically, called the magnificent seven.‖
This estimate outlined three basic approaches loosely correlated with three levels
of resources. At the cheap end was scrounging up time on computers you didn't
need to own. In the middle was using programmable logic arrays, possibly PLA
machines built for some other purpose such as chip simulation. The high end was
the latest refinement of the custom chip approach.


* R. R. Jueneman, The Data Encryption Standard vs. Exhaustive Search: Practicalities and Politics. 5
Feb 1981.

† Yvo Desmedt, "An Exhaustive Key Search Machine Breaking One Million DES Keys", presented at
Eurocrypt 1987. Chapter 9 of this book.

‡ Jean-Jacques Quisquater and Yvo G. Desmedt, Chinese Lotto as an Exhaustive Code-Breaking
Machine, Computer, 24(11):14-22, November 1991.

§ Michael Wiener, "Efficient DES Key Search", presented at the Rump session of Crypto '93. Reprinted
in Practical Cryptography for Data Internetworks, W. Stallings, editor, IEEE Computer Society Press, pp.
31-79 (1996). Currently available at ftp://ripem.msu.edu/pub/crypt/docs/des-key-search.ps.

‖ Matt Blaze, Whitfield Diffie, Ronald L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson,
and Michael Wiener. "Minimal key lengths for symmetric ciphers to provide adequate commercial
security: A report by an ad hoc group of cryptographers and computer scientists", January 1996.
Available at http://www.bsa.org/policy/encryption/cryptographers.html.



Exhaustive key search is a surprising problem to have enjoyed such popularity. To
most people who have considered the problem, it is obvious that a search through
2^56 possibilities is doable if somewhat tedious. If it is a mystery why so many of
them, myself included, have worked to refine and solidify their estimates, it is an
even greater mystery that in the late 1990s, some people have actually begun to
carry out key searches.

At the 1997 annual RSA cryptographic trade show in San Francisco, a prize was
announced for cracking a DES cryptogram.* The prize was claimed in five months
by a loose consortium using computers scattered around the Internet.† It was the
most dramatic success so far for an approach earlier applied to factoring and to
breaking cryptograms in systems with 40-bit keys.

At the 1998 RSA show, the prize was offered again. This time the prize was
claimed in 39 days,‡ a result that actually represents a greater improvement than it
appears to. The first key was found after a search of only 25% of the key space;
the second was not recovered until the 85% mark. Had the second team been
looking for the first key, they would have found it in a month.

These efforts used the magnificent seven's first approach. No application of the
second has yet come to light. This book skips directly to the third. It describes a
computer built out of custom chips. A machine that 'anyone' can build, from the
plans it presents — a machine that can extract DES keys in days at reasonable
prices, or hours at high prices. With the appearance of this book and the machine
it represents, the game changes forever. It is not a question of whether DES keys
can be extracted by exhaustive search; it is a question of how cheaply they can be
extracted and for what purposes.

Using a network of general purpose machines that you do not own or control is a
perfectly fine way of winning cryptanalytic contests, but it is not a viable way of
doing production cryptanalysis. For that, you have to be able to keep your
activities to yourself. You need to be able to run on a piece of hardware that you can
protect from unwanted scrutiny. This is such a machine. It is difficult to know how
many messages have been encrypted with DES in the more than two decades that
it has been a standard. Even more difficult is knowing how many of those
messages are of enduring interest and how many have already been captured or
remain potentially accessible on disks or tapes, but the number, no matter
precisely how the question is framed, must be large. All of these messages must now
be considered to be vulnerable.


* http://www.rsa.com/rsalabs/97challenge/

† June 17, 1997. See the announcements at http://www.rsa.com/des/ and
http://www.frii.com/~rcv/deschall.htm

‡ February 24, 1998, http://www.wired.com/news/news/technology/story/10544.html
and http://www.distributed.net.

The vulnerability does not end there, however, for cryptosystems have nine lives.
The most convincing argument that DES is insecure would not outweigh the vast
investment in DES equipment that has accumulated throughout the world. People
will continue using DES whatever its shortcomings, convincing themselves that it is
adequate for their needs. And DES, with its glaring vulnerabilities, will go on
pretending to protect information for decades to come.


Preface 


In  privacy  and  computer  security,  real  information  is  too  hard  to  find.  Most  people 
don't  know  what's  really  going  on,  and  many  people  who  do  know  aren't  telling. 

This book was written to reveal a hidden truth. The standard way that the US
Government recommends that we make information secure and private, the "Data
Encryption Standard" or DES, does not actually make that information secure or
private. The government knows fairly simple ways to reveal the hidden
information (called "cracking" or "breaking" DES).

Many scientists and engineers have known or suspected this for years. The ones
who know exactly what the government is doing have been unable to tell the
public, fearing prosecution for revealing "classified" information. Those who are
only guessing have been reluctant to publish their guesses, for fear that they have
guessed wrong.

This book describes a machine which we actually built to crack DES. The machine
exists, and its existence can easily be verified. You can buy one yourself, in the
United States; or can build one yourself if you desire. The machine was designed
and built in the private sector, so it is not classified. We have donated our design
to the public domain, so it is not proprietary. There is no longer any question that
it can be built or has been built. We have published its details so that other
scientists and engineers can review, reproduce, and build on our work. There can be
no more doubt. DES is not secure.

Chapters

The first section of the book describes the Electronic Frontier Foundation's
research project to build a machine to crack DES. The next section provides full
technical details on the machine that we designed: for review, critique,
exploration, and further evolution by the cryptographic research community. The final
section includes several hard-to-find technical reports on brute force methods of
cracking DES.

Technical description

Chapter 1, Overview, introduces our project and gives the basic architecture of the
Electronic Frontier Foundation's DES-cracking machine.

Chapter 2, Design Specification, by Paul Kocher of Cryptography Research,
provides specifications for the machine from a software author's point of view.

Chapter 3, Hardware Specification, by Advanced Wireless Technologies, provides
specifications for the custom gate array chips, and the boards that carry them, from
a hardware designer's point of view.

Technical design details

Chapter 4, Scanning the Source Code, explains how you can feed this book
through an optical scanner and regenerate the exact source code needed to build
the software and the specialized gate array chip that we designed.

Chapter 5, Software Source Code, contains a complete listing of the C-language
software that runs on a PC and controls the DES-Cracker.

Chapter 6, Chip Source Code, contains a complete listing of the chip design
language (VHDL) code that specifies how we designed the custom gate array chip.

Chapter 7, Chip Simulator Source Code, contains a complete listing of the
C-language software that simulates the operation of the chip, for understanding how the
chip works, and for generating test-vectors to make sure that the chips are
properly fabricated.

Chapter 8, Hardware Board Schematics, provides schematic diagrams of the
boards which provide power and a computer interface to the custom chips, as
well as information on the layout of the boards and the backplanes that connect
them.

Related Research Papers

Chapter 9, Breaking One Million DES Keys by Yvo Desmedt, is a 1987 paper
proposing an interesting design for a machine that could search for many DES
keys simultaneously.

Chapter 10, Architectural considerations for cryptanalytic hardware, by Ian
Goldberg and David Wagner, is a 1996 study that explores cracking DES and related
ciphers by using field-programmable gate array chips.

Chapter 11, Efficient DES Key Search: An Update, by Michael J. Wiener, revises for
1998 the technology estimates from his seminal 1993 paper, which was the first to
include full schematic diagrams of a custom chip designed to crack DES.

Chapter 12, About the Authors, describes the foundation and the companies which
collaborated to build this project.


Overview


Politics  of  Decryption 


We began the Electronic Frontier Foundation's DES Cracker project because of our
interest in the politics of decryption.* The vulnerability of widely used encryption
standards like DES is important for the public to understand.

A "DES Cracker" is a machine that can read information encrypted with the Data
Encryption Standard (DES), by finding the key that was used to encrypt it.
"Cracking DES" is a name for this search process. It is most simply done by trying every
possible key until the right one is found, a tedious process called "brute-force
search".

If DES-encrypted information can easily be decrypted by those who are not
intended to see it, the privacy and security of our infrastructures that use DES are
at risk. Many political, social, and technological decisions depend on just how
hard it is to crack DES.

We noticed an increasing number of situations in which highly talented and
respected people from the U.S. Government were making statements about how
long it takes to crack DES. In all cases, these statements were at odds with our
own estimates and those of the cryptographic research community. A less polite
way to say it is that these government officials were lying, incompetent, or both.
They were stating that cracking DES is much more expensive and time-consuming
than we believed it to be. A very credible research paper had predicted that a
machine could be built for $1.5 million, including development costs, that would
crack DES in 3-1/2 hours. Yet we were hearing estimates of thousands of
computers and weeks to years to crack a single message.


* DES, the Data Encryption Standard, encrypts a confidential message into scrambled output under the
control of a secret key. The input message is also known as "plaintext", and the resulting output as
"ciphertext". The idea is that only recipients who know the secret key can decrypt the ciphertext to
obtain the original message. DES uses a 56-bit key, so there are 2^56 possible keys.

On Thursday, June 26, 1997 the U.S. House of Representatives' Committee on
International Relations heard closed, classified testimony on encryption policy
issues. The Committee was considering a bill to eliminate export controls on
cryptography. After hearing this testimony, the Committee gutted the bill and inserted a
substitute intended to have the opposite effect. A month later, a censored
transcript of the hearing was provided; see http://jya.com/hir-hear.htm.
Here are excerpts:

Statement of Louis J. Freeh, Director, Federal Bureau of
Investigation

... And we do not have the computers, we do not have the technology to get
either real-time access to that information or any kind of timely access.

If we hooked together thousands of computers and worked together over 4
months we might, as was recently demonstrated decrypt one message bit. That is
not going to make a difference in a kidnapping case, it is not going to make a
difference in a national security case. We don't have the technology or the brute
force capability to get to this information.

Statement of William P. Crowell, Deputy Director, National Security
Agency

... I would go further and say there have been people who have said that Louis
Freeh's organization should just get smarter technically, and if they were just
smarter technically, they would be able to break all of this stuff. I would like to
leave you with just one set of statistics, and then I think I am going to close with
just a few comments on the bill itself.

There is no brute force solution for law enforcement, [blacked out] a group of
students — not students — the Internet gang last week broke a single message
using 56-bit DES. It took 78,000 computers 96 days to break one message, and the
headline was, DES has weak encryption.

He doesn't consider that very weak. If that had been 64-bit encryption, which is
available for export today, and is available freely for domestic use, that same effort
would have taken 7,000 years. And if it had been 128-bit cryptography, which is
what PGP is, pretty good privacy, it would have taken 8.6 trillion times the age of
the universe.

Comments made later in the hearing

Chairman Gilman. Would you need added manpower resource and equipment if
there is a need to decrypt? And would that add to your already difficult case of
language translation in many of your wiretaps?

Director Freeh. We would certainly need those resources, but I think more
importantly is the point that was made here. Contrary to the National Research Council
recommendation that the FBI buy more computers and Bill Gates' suggestion to
me that we upgrade our research and development [blacked out] American
industry cannot do it, and that is decrypt real time encryption over a very minimal
level of robustness, [blacked out] If you gave me $3 million to buy a Cray
computer, it would take me how many years to do one message bit?

Mr. Crowell. 64 bits, 7,000 years.

Director Freeh. I don't have that time in a kidnapping case. It would kill us.

On March 17, 1998, Robert S. Litt, Principal Associate Deputy Attorney General,
testified to the U.S. Senate Judiciary Committee, Subcommittee on the Constitution,
Federalism, and Property. The subject of the hearing was "Privacy in a Digital Age:
Encryption and Mandatory Access". Mr. Litt's whole statement is available at
http://www.computerprivacy.org/archive/03171998-4.shtml. The
part relevant to DES cracking is:

Some people have suggested that this is a mere resource problem for law
enforcement. They believe that law enforcement agencies should simply focus their
resources on cracking strong encryption codes, using high-speed computers to try
every possible key when we need lawful access to the plaintext of data or
communications that is evidence of a crime. But that idea is simply unworkable,
because this kind of brute force decryption takes too long to be useful to protect
the public safety. For example, decrypting one single message that had been
encrypted with a 56-bit key took 14,000 Pentium-level computers over four
months; obviously, these kinds of resources are not available to the FBI, let alone
the Jefferson City Police Department.

What's Wrong With Their Statements?

Some of the testimony quoted may have been literally true; nevertheless, it is
deceptive. All of the time estimates presented by Administration officials were
based on use of general-purpose computers to do the job. But that's fundamentally
the wrong way to do it, and they know it.

An ordinary computer is ill-suited for use as a DES Cracker. In the first place, the
design of DES is such that it is inherently very slow in software, but fast in
hardware. Second, current computers do very little in parallel; the designers don't
know exactly what instructions will be executed, and must allow for all
combinations.

The right way to crack DES is with special-purpose hardware. A custom-designed
chip, even with a slow clock, can easily outperform even the fastest
general-purpose computer. Besides, you can get many such chips on a single board, rather
than the one or two on a typical computer's motherboard.

There are practical limits to the key sizes which can be cracked by brute-force
searching, but since NSA deliberately limited the key size of DES to 56 bits, back
in the 1970's when it was designed, DES is crackable by brute force. Today's
technology might not be able to crack other ciphers with 64-bit or 128-bit keys — or it
might. Nobody will know until they have tried, and published the details for
scientific scrutiny. Most such ciphers have very different internal structure than DES,
and it may be possible to eliminate large numbers of possible keys by taking
advantage of the structure of the cipher. Some senior cryptographers estimated
what key sizes were needed for safety in a 1996 paper;* they suggest that to
protect against brute force cracking, today's keys should have a minimum of 75 bits,
and to protect information for twenty years, a minimum of 90 bits.

The cost of brute-force searching also overstates the cost of recovering encrypted
text in the real world. A key report on the real impact of encryption on law
enforcement† reveals that there are no cases in which a lack of police access to
encrypted files resulted in a suspected criminal going free. In most cases the
plaintext was recovered by other means, such as asking the suspect for the key, or
finding another copy of the information on the disk. Even when brute force is the
method of choice, keys are seldom truly random, and can be searched in the most
likely order.
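
Added example (not from the book): the two paragraphs above tie the cost of brute force to key length and note that keys which are not truly random can be searched in the most likely order. The Python below puts numbers on both, calibrated to the $1.5 million, 3-1/2 hour machine cited earlier. Assumptions: the 3-1/2 hour figure is treated as the mean time over uniformly random keys, and the biased key generator (90% of keys drawn from a subset of 2^40) is constructed for illustration.

```python
# Added example, not code from the book: expected brute-force work when
# candidate keys are tried most-likely-first, converted to machine time.
from fractions import Fraction
from math import log2

# Calibration from the text: 56-bit DES searched in 3-1/2 hours.
# Assumption: that figure is the mean time over uniformly random keys.
BASELINE_BITS = 56
BASELINE_HOURS = Fraction(7, 2)


def uniform_trials(key_bits):
    """Mean keys tried before hitting a uniformly random key_bits-bit key."""
    return Fraction(2 ** key_bits + 1, 2)


def expected_trials(probs):
    """Mean keys tried when keys are tested in descending probability.

    probs holds one probability per key in the keyspace (summing to 1), so
    this exact form is only practical for toy keyspaces.
    """
    ordered = sorted(probs, reverse=True)
    return sum(rank * p for rank, p in enumerate(ordered, start=1))


def two_tier_trials(key_bits, likely_bits, q):
    """Closed form for a generator that, with probability q, draws uniformly
    from a subset of 2**likely_bits keys and otherwise from the rest."""
    n, m, q = 2 ** key_bits, 2 ** likely_bits, Fraction(q)
    if not 0 <= q <= 1 or m >= n:
        raise ValueError("need 0 <= q <= 1 and likely_bits < key_bits")
    if q / m < (1 - q) / (n - m):
        raise ValueError("subset keys must be the more probable ones")
    inside = Fraction(m + 1, 2)            # mean rank within the subset
    outside = m + Fraction(n - m + 1, 2)   # subset is exhausted first
    return q * inside + (1 - q) * outside


def hours(trials):
    """Machine time for a given number of trials at the calibrated rate."""
    keys_per_hour = uniform_trials(BASELINE_BITS) / BASELINE_HOURS
    return float(trials / keys_per_hour)


def effective_bits(trials):
    """Length of a uniform key that costs the same mean number of trials."""
    return log2(float(2 * trials - 1))


if __name__ == "__main__":
    # Cross-check the closed form against full enumeration on a toy keyspace.
    toy = [Fraction(3, 4) / 16] * 16 + [Fraction(1, 4) / 240] * 240
    assert expected_trials(toy) == two_tier_trials(8, 4, Fraction(3, 4))

    for bits in (56, 64, 75, 90):
        h = hours(uniform_trials(bits))
        print(f"uniform {bits}-bit key: {h:.3g} hours ({h / 8760:.3g} years)")

    # Constructed weak generator: 90% of keys fall in a 2**40 subset.
    biased = two_tier_trials(56, 40, Fraction(9, 10))
    print(f"biased 56-bit key: {hours(biased):.3f} hours, "
          f"{effective_bits(biased):.2f} effective bits")
```

With these constructed numbers the biased generator costs about 21 minutes of expected search instead of 3-1/2 hours, the same as a uniform key of roughly 52.7 bits, which is why key generation needs a uniform random source as well as an adequate key length.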

Export Controls and DES

The U.S. Government currently restricts the ability of companies, individuals, and
researchers to export hardware or software that includes the use of DES for
confidentiality. These "export controls" have been a severe impediment to the
development of security and privacy for networked computers, cellular phones, and other
popular communications devices. The use of encryption algorithms stronger than
DES is also restricted.

In December 1996, the government formally offered exporters the ability to
incorporate DES, but nothing stronger, into their products. The catch is that these
companies would have to sign an agreement with the government, obligating them to
install "key recovery" into their products within two years. Key recovery
technology provides a way for the government to decrypt messages at will, by offering
the government a copy of the key used in each message, in a way that the
product's user cannot circumvent or control. In short, the government's offer was:
collude with us to violate your customers' privacy, or we won't let you export any
kind of secure products.


* Minimal Key Lengths For Symmetric Ciphers To Provide Adequate Commercial Security: A Report By
An Ad Hoc Group Of Cryptographers And Computer Scientists. Matt Blaze, Whitfield Diffie, Ronald L.
Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson, Michael Wiener, January 1996. Available
at http://www.bsa.org/policy/encryption/index.html.

† Encryption and Evolving Technologies: Tools of Organized Crime and Terrorism, by Dorothy E.
Denning and William E. Baugh, Jr. National Strategy Information Center, 1997. ISSN 1093-7269.

At the same time, the FBI was let into the group that reviews each individual
company's application to export a cryptographic product. All reports indicate that the
FBI is making good on the threat, by objecting to the export of all kinds of
products that pose no threat at all to the national security (having been exportable in
previous years before the FBI gained a voice). The FBI appears to think that by
making itself hated and feared, it will encourage companies to follow orders.
Instead it is encouraging companies to overturn the regulatory scheme that lets the
FBI abuse the power to control exports. Industry started a major lobbying group
called Americans for Computer Privacy (http://www.computerprivacy.org),
which is attempting to change the laws to completely decontrol non-military
encryption exports.

Some dozens of companies signed up for key recovery, though it is unclear
how many actually plan to follow through on their promise to deploy the
technology. You will not find many of these companies trumpeting key recovery in their
product advertisements. Users are wary of it since they know it means
compromised security. If customers won't buy such products, companies know it makes
no sense to develop them.

The best course for companies is probably to develop products that provide actual
security, in some jurisdiction in the world which does not restrict their export.
Some companies are doing so. The government's "compromise" offer discourages
hesitant companies from taking this step, by providing a more moderate and
conciliatory step that they can take instead. Companies that go to the effort to build
overseas cryptographic expertise all use stronger technology than DES, as a selling
point and to guard against early obsolescence. If those companies can be
convinced to stay in the US, play the government's key-recovery game, and stick with
DES, the government continues to win, and the privacy of the public continues to
lose.

The success or failure of the government's carrot-and-stick approach depends on
keeping industry and the public misled about DES's security. If DES-based
products were perceived as insecure, there would be little reason for companies to sign
away their customers' privacy birthrights in return for a mess of DES pottage. If
DES-based products are perceived as secure, but the government actually knows
that the products are insecure, then the government gets concessions from
companies, without impacting its ability to intercept communications. Keeping the public
ignorant gives the government the best of both worlds.

Political  Motivations  and  EFF's  Response 

We  speculate  that  government  officials  are  deliberately  misleading  the  public  about 
the  strength  of  DES  encryption: 

• To encourage the public to continue using DES, so their agencies can
eavesdrop on the public.

• To prevent the widespread adoption of stronger standards than DES, which
the government would have more trouble decrypting.

• To offer DES exportability as a bargaining-chip, which actually costs the
government little, but is perceived to be valuable.

• To encourage policy-makers such as Congressmen or the President to impose
drastic measures such as key recovery, in the belief that law enforcement has
a major encrypted-data problem and no practical way to crack codes.

As advocates on cryptography policy, we found ourselves in a hard situation. It
appeared that highly credible people were either deliberately lying to Congress
and to the public in order to advance their own harmful agendas, or were
advocating serious infringement of civil liberties based on their own ignorance of the
underlying issues. Most troubling is the possibility that they were lying. Perhaps
these government executives merely saw themselves as shielding valuable
classified efforts from disclosure. As advocates of good government, we do not see that
classifying a program is any justification for an official to perjure themselves when
testifying about it. (Declining to state an opinion is one thing; making untruthful
statements as if they were facts is quite another.)

The National Research Council studied encryption issues and published a very
complete 1996 report.* The most interesting conclusion of their report was that
"the debate over national cryptography policy can be carried out in a reasonable
manner on an unclassified basis". This presumes good faith on the part of the
agencies who hide behind classified curtains, though. If it turns out that their
public statements are manipulative falsehoods, an honest and reasonable public
debate must necessarily exclude them, as dishonest and unreasonable participants.

In the alternative, if poor policy decisions are being made based on the ignorance
or incompetence of senior government officials, the role of honest advocates should
be to inform the debate.


* Cryptography's Role In Securing the Information Society, Kenneth W. Dam and Herbert S. Lin,
editors. National Academy Press, Washington, DC, 1996.

In response to these concerns, EFF began a research program. Our research results
prove that DES can be cracked quickly on a low budget. This proves that these
officials were either lying or incompetent. The book you are holding documents
the research, and allows it to be validated by other scientists.

Goals 

The  goal  of  EFF's  DES  Cracker  research  project  is  to  determine  just  how  cheap  or 
expensive  it  is  to  build  a  machine  that  cracks  DES  usefully. 

Technically, we were also interested in exploring good designs for plaintext
recognizers. These are circuits that can notice when the result of decryption is likely
enough to be correct that specialized software — or a human — should look at it.
Little research has been published on them,* yet they are a vital part of any
efficient system for cryptanalysis.

Merely  doing  the  research  would  let  EFF  learn  the  truth  about  the  expense  of 
cracking  DES.  But  only  publishing  the  research  and  demonstrating  the  machine 
would  educate  the  public  on  the  truth  about  the  strength  of  DES.  Press  releases 
and  even  technical  papers  would  not  suffice;  the  appearance  of  schematics  for  a 
million-dollar  DES  Cracker  in  Michael  Wiener's  excellent  1993  paper  should  have 
been  enough.  But  people  still  deploy  DES,  and  Congressmen  blindly  accept  the 
assurances  of  high  officials  about  its  strength. 

There  are  many  people  who  will  not  believe  a  truth  until  they  can  see  it  with  their 
own  eyes.  Showing  them  a  physical  machine  that  can  crack  DES  in  a  few  days  is 
the  only  way  to  convince  some  people  that  they  really  cannot  trust  their  security 
to  DES. 

Another set of people might not believe our claims unless several other teams
have reproduced them. (This is a basic part of the scientific method.) And many
people will naturally be interested in how such a box works, and how it was built
for only about $200,000. This book was written for such people. It contains the
complete specifications and design documents for the DES Cracker, as well as
circuit diagrams for its boards, and complete listings of its software and its gate array
design. The full publication of our design should enable other teams to rapidly
reproduce, validate, and improve on our design.


* But see: David A. Wagner and Steven M. Bellovin, "A Programmable Plaintext Recognizer," 1994.
Available at http://www.research.att.com/~smb/papers/recog.ps or recog.pdf.


1-8  Chapter  1:  Overview 


History of DES Cracking


DES Crackers have been mentioned in the scientific and popular literature since
the 1970's. Whitfield Diffie's Foreword describes several of them. The most recent
detailed description was in a paper by Michael Wiener of Bell Northern Research
in 1993. Wiener's paper included a detailed hardware design of a DES Cracker
built with custom chips. The chips were to be built into boards, and the boards
into mechanical "frames" like those of telephone central office switches. A
completed design would have cost about a million dollars and would determine a DES
key from known plaintext and known ciphertext in an average of 3-1/2 hours (7
hours in the worst case).

Mr. Wiener updated his conclusions in 1998, adjusting for five years of
technological change. His update paper is included in this book, thanks to the courtesy of
RSA Data Security, which originally published his update.

Ian  Goldberg  and  David  Wagner  of  the  University  of  California  at  Berkeley  took  a 
different  approach.  Their  design  used  a  "field  programmable  gate  array"  (FPGA), 
which  is  a  chip  that  can  be  reprogrammed  after  manufacturing  into  a  variety  of 
different  circuits. 

FPGA  chips  are  slower  than  the  custom  chips  used  in  the  Wiener  design,  but  can 
be  bought  quickly  in  small  quantities,  without  a  large  initial  investment  in  design. 
Rather  than  spend  a  big  chunk  of  a  million  dollars  to  design  a  big  machine,  these 
researchers  bought  one  or  two  general  purpose  chips  and  programmed  them  to  be 
a  slow  DES  Cracker.  This  let  them  quickly  measure  how  many  slow  chips  they 
would  need  to  pile  up  to  make  a  practical  DES  Cracker.  Their  paper  is  also 
included  in  this  book. 


EFF's  DES  Cracker  Project 


The  Electronic  Frontier  Foundation  began  its  investigation  into  DES  Cracking  in 
1997.  The  original  plan  was  to  see  if  a  DES  Cracker  could  be  built  out  of  a 
machine  containing  a  large  number  of  FPGA's. 

Large machines built out of FPGAs exist in the commercial market for use in
simulating large new chip designs before the chip is built. A collection of thousands of
relatively incapable FPGA chips can be put together to simulate one very capable
custom chip, although at 1/10th or 1/100th of the speed that the eventual custom
chip would run at. This capability is used by chip designers to work the "bugs"
out of their chip before committing to the expensive and time-consuming step of
fabricating physical chips from their design.

EFF never got access to such a chip simulator. Instead, our investigations led us to
Paul Kocher of Cryptography Research. Paul had previously worked with a team
of hardware designers who knew how to build custom gate array chips cheaply,
in batches of a few thousand chips at a time.

Paul and EFF met with the chip designers at Advanced Wireless Technologies, and
determined that a workable DES Cracker could be built on a budget of about
$200,000. The resulting machine would take less than a week, on average, to
determine the key from a single 8-byte sample of known plaintext and ciphertext.
Moreover, it would determine the key from a 16-byte sample of ciphertext in
almost the same amount of time, if the statistical characteristics of the plaintext
were known or guessable. For example, if the plaintext was known to be an
electronic mail message, it could find all keys that produce plaintext containing
nothing but letters, numbers, and punctuation. This makes the machine much more
usable for solving real-world decryption problems.

There  is  nothing  revolutionary  in  our  DES  Cracker.  It  uses  ordinary  ideas  about 
how  to  crack  DES  that  have  been  floating  around  in  the  cryptographic  research 
community  for  many  years.  The  only  difference  is  that  we  actually  built  it,  instead 
of  just  writing  papers  about  it.  Very  similar  machines  could  have  been  built  last 
year,  or  the  year  before,  or  five  or  ten  years  ago;  they  would  have  just  been  slower 
or  more  expensive. 

Architecture 

The design of the EFF DES Cracker is simple in concept. It consists of an ordinary
personal computer connected with a large array of custom chips. Software in the
personal computer instructs the custom chips to begin searching, and interacts
with the user. The chips run without further help from the software until they find
a potentially interesting key, or need to be directed to search a new part of the
key space. The software periodically polls the chips to find any potentially
interesting keys that they have turned up.

The hardware's job isn't to find the answer, but rather to eliminate most of the
answers that are incorrect. Software is then fast enough to search the remaining
potentially-correct keys, winnowing the "false positives" from the real answer. The
strength of the machine is that it replicates a simple but useful search circuit
thousands of times, allowing the software to find the answer by searching only a tiny
fraction of the key space.

As long as there is a small bit of software to coordinate the effort, the problem of
searching for a DES key is "highly parallelizable". This means the problem can be
usefully solved by many machines working in parallel, simultaneously. For
example, a single DES-Cracker chip could find a key by searching for many years. A
thousand DES-Cracker chips can solve the same problem in one thousandth of the
time. A million DES-Cracker chips could theoretically solve the same problem in
about a millionth of the time, though the overhead of starting each chip would
become visible in the time required. The actual machine we built contains 1536
chips.

When conducting a brute-force search, the obvious thing to do is to try every
possible key, but there are some subtleties. You can try the keys in any order. If you
think the key isn't randomly selected, start with likely ones. When you finally find
the right key, you can stop; you don't have to try all the rest of the keys. You
might find it in the first million tries; you might find it in the last million tries. On
average, you find it halfway through (after trying half the keys). As a result, the
timings for brute-force searches are generally given as the average time to find a
key. The maximum time is double the average time.

Search  units 

The  search  unit  is  the  heart  of  the  EFF  DES  Cracker;  it  contains  thousands  of  them. 

A  search  unit  is  a  small  piece  of  hardware  that  takes  a  key  and  two  64-bit  blocks 
of  ciphertext.  It  decrypts  a  block  of  ciphertext  with  the  key,  and  checks  to  see  if 
the  resulting  block  of  plaintext  is  "interesting".  If  not,  it  adds  1  to  the  key  and 
repeats,  searching  its  way  through  the  key  space. 

If  the  first  decryption  produces  an  "interesting"  result,  the  same  key  is  used  to 
decrypt  the  second  block  of  ciphertext.  If  both  are  interesting,  the  search  unit 
stops  and  tells  the  software  that  it  has  found  an  interesting  key.  If  the  second 
block's  decryption  is  uninteresting,  the  search  unit  adds  one  to  the  key  and  goes 
on  searching  the  key  space. 

When a search unit stops after finding an interesting result, software on the host
computer must examine the result, and determine whether it's the real answer, or
just a "false positive". A false positive is a plaintext that looked interesting to the
hardware, but which actually isn't a solution to the problem. The hardware is
designed to produce some proportion of false positives along with the real
solution. (The job of the hardware isn't to find the answer, but to eliminate the vast
majority of the non-answers.) As long as the false positives don't occur so rapidly
that they overwhelm the software's ability to check and reject them, they don't
hurt, and they simplify the hardware and allow it to be more general-purpose. For
the kinds of problems that we're trying to solve, the hardware is designed to waste
less than 1% of the search time on false positives.

Recognizing interesting plaintext

What  defines  an  interesting  result?  If  we  already  know  the  plaintext,  and  are  just 
looking  for  the  key,  an  interesting  result  would  be  if  the  plaintext  from  this  key 
matches  our  known  block  of  plaintext.  If  we  don't  know  the  plaintext,  perhaps  the 
guess  that  it's  all  composed  of  letters,  digits,  and  punctuation  defines  "interesting". 
The  test  has  to  be  simple  yet  flexible.  We  ended  up  with  one  that's  simple  for  the 
hardware,  but  a  bit  more  complicated  for  the  software. 

Each  result  contains  eight  8-bit  bytes.  First,  the  search  unit  looks  at  each  byte  of 
the  result.  Such  a  byte  can  have  any  one  of  256  values.  The  search  unit  is  set  up 
with  a  table  that  defines  which  of  these  256  byte  values  are  "interesting"  and 
which  are  uninteresting.  For  example,  if  the  plaintext  is  known  to  be  all  numeric, 
the  software  sets  up  the  table  so  that  the  ten  digits  (0  to  9)  are  interesting,  and  all 
other  potential  values  are  uninteresting. 

The result of decrypting with the wrong key will look pretty close to random. So
the chance of having a single byte look "interesting" will be based on what
fraction of the 256 values are defined to be "interesting". If, say, 69 characters are
interesting (A-Z, a-z, 0-9, space, and a few punctuation characters), then the
chance of a random byte appearing to be interesting is 69/256 or about 1/4. These
don't look like very good odds; the chip would be stopping on one out of every
four keys, to tell the software about "interesting" but wrong keys.

But the "interest" test is repeated on each byte in the result. If the chance of
having a wrong key's byte appear interesting is 1/4, then the chance of two bytes
appearing interesting is 1/4 of 1/4, or 1/16th. For three bytes, 1/4th of 1/4th of
1/4th, or 1/64th. By the time the chip examines all 8 bytes of a result, it only
makes a mistake on 1/65536th of the keys (1/4^8 keys).

That seems like a pretty small number, but when you're searching through
72,057,594,037,927,936 keys (2^56 keys, or 72 quadrillion keys), you need all the
help you can get. Even having the software examine 1/65536th of the possible
keys would require looking at 1,099,511,627,776 keys (2^40 or about a trillion keys).
So the chip provides a bit more help.

This  help  comes  from  that  second  block  of  ciphertext.  If  every  byte  of  a  result 
looks  interesting  when  the  first  block  of  ciphertext  is  decrypted,  the  chip  goes 
back  around  and  decrypts  the  second  block  of  ciphertext  with  the  same  key.  This 
divides  the  "error  rate"  by  another  factor  of  65536,  leaving  the  software  with  only 
16,777,216 (2^24 or about sixteen million) keys to look at. Software on modern
computers  is  capable  of  handling  this  in  a  reasonable  amount  of  time. 

(If we only know one block of ciphertext, we just give the chip two copies of the
same ciphertext. It will test both copies, and eventually tell us that the block is
interesting. The amount of time it spends checking this "second block" is always a
tiny fraction of the total search time.)

In the plaintext recognizer there are also 8 bits that let us specify which bytes of a
plaintext are interesting to examine. For example, if we know or suspect the
contents of the first six bytes of a plaintext value, but don't know anything about the
last two bytes, we can search for keys which match in just those six bytes.

Known  plaintext 

The  chips  will  have  many  fewer  "false  positives"  if  the  plaintext  of  the  message  is 
known,  instead  of  just  knowing  its  general  characteristics.  In  that  case,  only  a 
small  number  of  byte  values  will  be  "interesting".  If  the  plaintext  has  no  repeated 
byte  values,  only  eight  byte  values  will  be  interesting,  instead  of  69  as  above. 

For example, if the plaintext block is "hello th", then only the six byte values "h",
"e", "l", "o", space, and "t" are interesting. If a plaintext contains only these bytes,
it is interesting. We'll get some "false positives" since many plaintexts like "tholo tt"
would appear "interesting" even though they don't match exactly.

Using this definition of "interesting", a byte resulting from a wrong key will look
interesting only about 8/256ths of the time, or 1/32nd of the time. All eight bytes
resulting from a wrong key will look interesting only 1/32nd to the eighth power
(1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd of 1/32nd)
of the time, or 1/1,099,511,627,776th of the time (1/2^40 of the time). In other
words, a search unit can try an average of a trillion keys before reporting that a
wrong key looks interesting. This lets it search for a long time without slowing
down or bothering the software.

Speed 

Once  you  get  it  going,  a  search  unit  can  do  one  decryption  in  16  clock  cycles.  The 
chips we have built can run with a clock of 40 MHz (40 million cycles per second).
Dividing  16  into  40  million  shows  that  each  search  unit  can  try  about  2.5  million 
keys  per  second. 

In  building  the  search  units,  we  discovered  that  we  could  make  them  run  faster  if 
we  used  simpler  circuitry  for  adding  1  to  a  key.  Rather  than  being  able  to  count 
from  a  key  of  0  all  the  way  up  to  a  key  of  all  ones,  we  limited  the  adder  so  that  it 
can  only  count  the  bottom  32  bits  of  the  key.  The  top  24  bits  always  remain  the 
same.  At  a  rate  of  2.5  million  keys  per  second,  it  takes  a  search  unit  1717  seconds 
(about  half  an  hour)  to  search  all  the  possible  keys  that  have  the  same  top  24  bits. 
At the end of half an hour, the software has to stop the chip, reload it with a new
value in the top 24 bits, and start it going again.

Feedback Modes

The chip can also decrypt ciphertext that was encrypted in "Cipher Block
Chaining" mode. In this mode, the ciphertext of each block is exclusive-OR'd into the
plaintext of the next block before it is encrypted. (An "initialization vector" is
exclusive-OR'd into the first block of plaintext.) The search unit knows how to
exclusive-OR out an Initialization Vector (IV) after decrypting the first ciphertext,
and to exclusive-OR out the first ciphertext after decrypting the second one. The
software specifies the IV at the same time it provides the ciphertext values.

Blaze  Challenge 

In June 1997, Matt Blaze, a cryptography researcher at AT&T, proposed a different
sort of cryptographic challenge. He wanted a challenge that not even the
proponent knew how to solve, without either doing a massive search of the key-space,
or somehow cryptanalyzing the structure of DES.

His challenge is merely to find a key such that a ciphertext block of the form
XXXXXXXX decrypts to a plaintext block of the form YYYYYYYY, where X and Y
are each any fixed 8-bit value that is repeated across each of the eight bytes of the
block.

We  added  a  small  amount  of  hardware  to  the  search  units  to  help  with  solving  this 
challenge.  There  is  an  option  to  exclusive-OR  the  right  half  of  the  plaintext  into 
the  left  half,  before  looking  to  see  if  the  plaintext  is  "interesting".  For  plaintexts  of 
the  form  YYYYYYYY,  this  will  result  in  a  left  half  of  all  zeros.  We  can  then  set  up 
the  plaintext  recognizer  so  it  only  looks  at  the  left  half,  and  only  thinks  zeroes  are 
interesting.  This  will  produce  a  large  number  of  false  positives  (any  plaintext 
where  the  left  and  right  halves  are  equal,  like  ABCDABCD),  but  software  can 
screen  them  out  with  only  about  a  1%  performance  loss. 
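
The search-unit behaviour described in the sections above (byte table, byte mask, two-block test, CBC exclusive-OR, and the Blaze option), modelled in Python as an added example; it is not the EFF chip design or control software. The 4-round Feistel cipher standing in for DES, the mask bit order, and every key, IV and plaintext below are assumptions constructed for the demonstration.

```python
import hashlib
import string

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in 64-bit block cipher (NOT DES): a 4-round Feistel network, used only
# so the search loop has something invertible to decrypt. Assumption of this example.
def _f(key: int, rnd: int, half: bytes) -> bytes:
    data = key.to_bytes(7, "big") + bytes([rnd]) + half
    return hashlib.blake2b(data, digest_size=4).digest()

def toy_encrypt(key: int, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def toy_decrypt(key: int, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

class Recognizer:
    """Settings shared by the search units: 256-entry table, byte mask, Blaze option."""

    def __init__(self, interesting, byte_mask=0xFF, fold_halves=False):
        self.table = [False] * 256
        for value in interesting:
            self.table[value] = True
        self.byte_mask = byte_mask      # bit i set -> byte i is examined (assumed order)
        self.fold_halves = fold_halves  # XOR the right half into the left half first

    def block_ok(self, raw: bytes, chain: bytes = None) -> bool:
        """raw is the cipher output; chain is the IV or previous ciphertext in CBC."""
        if chain is not None:
            raw = xor(raw, chain)
        if self.fold_halves:
            raw = xor(raw[:4], raw[4:]) + raw[4:]
        return all(self.table[b] for i, b in enumerate(raw) if self.byte_mask >> i & 1)

def search_unit(rec, c1, c2, top24, low_start, low_end, iv=None, decrypt=toy_decrypt):
    """Yield each key at which the unit would stop and wait for the software.
    Only the low 32 bits are counted; the top 24 bits stay fixed."""
    for low in range(low_start, low_end):
        key = (top24 << 32) | (low & 0xFFFFFFFF)
        if not rec.block_ok(decrypt(key, c1), iv):
            continue  # nearly every wrong key is rejected on the first block
        if rec.block_ok(decrypt(key, c2), c1 if iv is not None else None):
            yield key

def wrong_key_pass_rate(n_interesting, bytes_checked=8, blocks=2):
    """Chance that a wrong key, whose output looks random, passes the hardware test."""
    return (n_interesting / 256) ** (bytes_checked * blocks)

def keys_left_for_software(n_interesting, bytes_checked=8, blocks=2, keyspace=2**56):
    """Expected number of keys the host software must examine itself."""
    return keyspace * wrong_key_pass_rate(n_interesting, bytes_checked, blocks)

# 69 "interesting" values: letters, digits, space and six punctuation marks.
TEXT = (string.ascii_letters + string.digits + " .,!?'-").encode()

def demo():
    true_key = (0xC0FFEE << 32) | 0x3A7F      # constructed sample key
    iv = bytes.fromhex("0011223344556677")    # constructed sample IV
    p1, p2 = b"Dear EFF", b", hello!"         # constructed sample plaintext
    c1 = toy_encrypt(true_key, xor(p1, iv))   # CBC: IV XORed into the first block
    c2 = toy_encrypt(true_key, xor(p2, c1))   # CBC: c1 XORed into the second block
    hits = list(search_unit(Recognizer(TEXT), c1, c2, 0xC0FFEE, 0, 0x4000, iv=iv))
    return true_key, hits

if __name__ == "__main__":
    key, hits = demo()
    print("unit stopped on:", [hex(k) for k in hits], "true key:", hex(key))
    print("text table, two blocks:", keys_left_for_software(len(TEXT)), "keys for software")
    print("known plaintext, one block:", wrong_key_pass_rate(8, blocks=1))
```

The 2^24 figure in the text uses the rounded 1/4 per-byte rate; with exactly 69 of 256 values the same formula gives a somewhat larger count.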

Structure  Of  The  Machine 

Now  that  you  know  how  a  single  search  unit  works,  let's  put  them  together  into 
the  whole  machine. 

Each search unit fits inside a custom chip. In fact, 24 search units fit inside a single
chip. All the search units inside a chip share the same ciphertext blocks,
initialization vector, and the same plaintext-recognizer table of "interesting" result values.
Each search unit has its own key, and each can be stopped and started
independently.

The chip provides a simple interface on its wires. There are a few signals that say
whether any of the search units are stopped, some address and data wires so that
the software can read and write to the search units, and wires for electrical power
and grounding.

Since  each  search  unit  tries  2.5  million  keys  per  second,  a  chip  with  24  search 
units  will  try  60  million  keys  per  second.  But  there  are  a  lot  of  keys  to  look  at.  For 
a  single  chip,  it  would  take  6,950  days  (about  19  years)  to  find  the  average  key,  or 
38  years  to  search  the  entire  key  space.  Since  we  don't  want  to  wait  that  long,  we 
use  more  than  one  chip. 

Each chip is mounted onto a large circuit board that contains 64 chips, along with
a small bit of interface circuitry. The board blinks a light whenever the software is
talking to that board. 64 other lights show when some search unit in each chip has
stopped. In normal operation the software will talk to the board every few
seconds, to check up on the chips. The chips should only stop every once in a while,
and should be quickly restarted by the software.

The boards are designed to the mechanical specifications of "9U" VMEbus boards
(about 15" by 15"). VMEbus is an industrial standard for computer boards, which
was popular in the 1980s. We used the VMEbus form factor because it was easy to
buy equipment that such boards plug into; we don't actually use the VMEbus
electrical specifications.

9U VMEbus boards are much larger than the average interface card that plugs into
a generic PC, so a lot more chips can be put onto them. Also, 9U VMEbus boards
are designed to supply a lot of power, and our DES Cracker chips need it.

Since  each  chip  searches  60  million  keys  per  second,  a  board  containing  64  chips 
will  search  3.8  billion  keys  per  second.  Searching  half  the  key  space  would  take 
the  board  about  109  days.  Since  we  don't  want  to  wait  that  long  either,  we  use 
more  than  one  board. 

The boards are mounted into chassis, also called "card cages". In the current
design, these chassis are recycled Sun workstation packages from about 1990. Sun
Microsystems built a large number of systems that used the large 9U VMEbus
boards, and these systems provide excellent power and cooling for the boards. The Sun-4/470
chassis provides twelve slots for VMEbus boards, and can easily be modified to
handle our requirements. Subsequent models may use other physical packaging.

Each  chassis  has  a  connector  for  a  pair  of  "ribbon  cables"  to  connect  it  to  the  next 
chassis  and  to  the  generic  PC  that  runs  the  software.  The  last  chassis  will  contain  a 
"terminator",  rather  than  a  connection  to  the  next  chassis,  to  keep  the  signals  on 
the  ribbon  cable  from  getting  distorted  when  they  reach  the  end  of  the  line. 

Since each board searches 3.8 billion keys per second, a chassis containing 12
boards will search 46 billion keys per second. At that rate, searching half the key
space takes about 9 days. One chassis full of boards is about 25% faster than the
entire worldwide network of machines that solved the RSA "DES-II" challenge in
February 1998, which was testing about 34 billion keys per second at its peak.

Since  an  informal  design  goal  for  our  initial  DES  Cracker  was  to  crack  an  average 
DES  key  in  less  than  a  week,  we  need  more  than  12  boards.  To  give  ourselves  a 
comfortable  margin,  we  are  using  24  boards,  which  we  can  fit  into  two  chassis. 
They  will  search  92  billion  keys  per  second,  covering  half  the  key  space  in  about 
4.5  days.  If  the  chips  consume  too  much  power  or  produce  too  much  heat  for  two 
chassis  to  handle,*  we  can  spread  the  24  boards  across  three  chassis. 

Table 1-1: Summary of DES Cracker performance

Device            How Many In Next Device   Keys/Sec          Days/avg search
Search Unit       24                        2,500,000         166,800
Chip              64                        60,000,000        6,950
Board             12                        3,840,000,000     109
Chassis           2                         46,080,000,000    9.05
EFF DES Cracker                             92,160,000,000    4.524

We  designed  the  search  unit  once.  Then  we  got  a  speedup  factor  of  more  than 
36,000  to  1  just  by  replicating  it  24  times  in  each  chip  and  making  1500  chips.  This 
is  what  we  meant  by  "highly  parallelizable". 

Budget 

The  whole  project  was  budgeted  at  about  US$210,000.  Of  this,  $80,000  is  for  the 
labor  of  designing,  integrating,  and  testing  the  DES  Cracker.  The  other  $130,000  is 
for  materials,  including  chips,  boards,  all  other  components  on  the  boards,  card 
cages,  power  supplies,  cooling,  and  a  PC. 

The software for controlling the DES Cracker was written separately, as a volunteer
project. It took two or three weeks of work.

The  entire  project  was  completed  within  about  eighteen  months.  Much  of  that 
time  was  used  for  preliminary  research,  before  deciding  to  use  a  custom  chip 
rather  than  FPGA's.  The  contract  to  build  custom  chips  was  signed  in  September, 
1997, about eight months into the project. The team contained less than ten people,
none of whom worked full-time on the project. They include a project manager,
software designer, programmer, chip designer, board designer, hardware
technicians, and hardware managers.


* At publication time, we have tested individual chips but have not yet built the full machine. If the
chips' power consumption or heat production is excessive in a machine containing 1500 chips, we also
have the option to reduce the chips' clock rate from 40 MHz down to, say, 30 MHz. This would significantly
reduce the power and heat problems, at a cost of 33% more time per search (6 days on average).



We  could  have  reduced  the  per-chip  cost,  or  increased  the  chip  density  or  search 
speed,  had  we  been  willing  to  spend  more  money  on  design.  A  more  complex 
design  could  also  have  been  flexible  enough  to  crack  other  encryption  algorithms. 
The  real  point  is  that  for  a  budget  that  any  government,  most  companies,  and  tens 
of  thousands  of  individuals  could  afford,  we  built  a  usable  DES  Cracking  machine. 
The  publication  of  our  design  will  probably  in  itself  reduce  the  design  cost  of 
future  machines,  and  the  advance  of  semiconductor  technology  also  makes  this 
cost  likely  to  drop.  In  five  years  some  teenager  may  well  build  her  own  DES 
Cracker  as  a  high  school  science  fair  project. 


Who  Else  Is  Cracking  DES? 


If  a  civil  liberties  group  can  build  a  DES  Cracker  for  $200,000,  it's  pretty  likely  that 
governments  can  do  the  same  thing  for  under  a  million  dollars.  (That's  a  joke.) 
Given  the  budget  and  mission  of  the  US  National  Security  Agency,  they  must  have 
started  building  DES  Crackers  many  years  ago.  We  would  guess  that  they  are  now 
on  their  fourth  or  fifth  generation  of  such  devices.  They  are  probably  using  chips 
that  are  much  faster  than  the  ones  we  used;  modern  processor  chips  can  run  at 
more than 300 MHz, eight times as fast as our 40 MHz chips. They probably have
small  "field"  units  that  fit  into  a  suitcase  and  crack  DES  in  well  under  a  day;  as 
well  as  massive  central  units  buried  under  Ft.  Meade,  that  find  the  average  DES 
key  in  seconds,  or  find  thousands  of  DES  keys  in  parallel,  examining  thousands  of 
independent  intercepted  messages. 

Our  design  would  scale  up  to  finding  a  DES  key  in  about  half  an  hour,  if  you  used 
333,000  chips  on  more  than  5,200  boards.  The  boards  would  probably  require 
about  200  parallel  port  cards  to  communicate  with  them;  an  IBM-compatible  PC 
could probably drive four such cards, thus requiring about 50 PC's too. The software
required would be pretty simple; the hard part would be the logistics of
physical  arrangement  and  repair.  This  is  about  200  times  as  much  hardware  as  the 
project  we  built.  A  ridiculously  high  upper  bound  on  the  price  of  such  a  system 
would  be  200  times  the  current  project  price,  or  $40  million. 

Of  course,  if  we  were  going  to  build  a  system  to  crack  DES  in  half  an  hour  or  less, 
using  a  third  of  a  million  chips,  it  would  be  better  to  go  back  to  the  drawing  board 
and  design  from  scratch.  We'd  use  more  modern  chip  fabrication  processes;  a 
higher-volume customer can demand this. We'd spend more on the initial design
and  the  software,  to  produce  a  much  cheaper  and  simpler  total  system,  perhaps 
allowing  boards  full  of  denser,  faster,  lower-voltage  chips  to  use  a  small  onboard 
processor  and  plug  directly  into  an  Ethernet.  We'd  work  hard  to  reduce  the  cost  of 
each  chip,  since  there  would  be  so  many  of  them.  We'd  think  about  how  to  crack 
multiple  DES  keys  simultaneously. 

It would be safe to assume that any large country has DES Cracking machines.
After  the  publication  of  this  book  wakes  them  up,  probably  more  small  countries 
and  some  criminal  organizations  will  make  or  buy  a  few  DES  Crackers.  That  was 
not  the  intent  of  the  book;  the  intent  was  to  inform  and  warn  the  targets  of  this 
surveillance,  the  builders  of  equipment,  and  the  policy  makers  who  grapple  with 
encryption  issues. 

What  To  Do  If  You  Depend  On  DES 

Don't  design  anything  else  that  depends  on  single  DES. 

Take  systems  out  of  service  that  use  permanently  fixed  single-DES  keys,  or 
superencrypt  the  traffic  at  a  higher  level.  Superencryption  requires  special  care, 
though,  to  avoid  providing  any  predictable  headers  that  can  be  used  to  crack  the 
outer  DES  encryption. 

Start  changing  your  software  and/or  hardware  to  use  a  stronger  algorithm  than 
DES. 

Three-key  Triple-DES  is  an  obvious  choice,  since  it  uses  the  same  block  size  and 
can  possibly  use  the  same  hardware;  it  just  uses  three  keys  and  runs  DES  three 
times  (encrypting  each  block  with  the  first  key,  decrypting  it  with  the  second,  then 
encrypting  it  with  the  third).  The  strength  of  Triple-DES  is  not  known  with  any 
certainty, but it is certainly no weaker than single DES, and is probably substantially
stronger. Beware of "mixed up" variants or modes of Triple-DES; research by
Eli Biham* and David Wagner† shows that they are significantly weaker than the
straightforward  Triple-DES,  and  may  be  even  weaker  than  single-DES.  Use  three 
copies  of  DES  in  Electronic  Code  Book  (ECB)  mode  as  a  basic  primitive.  You  can 
then  build  a  mode  such  as  Cipher  Feedback  mode  using  the  primitive  ECB  3DES. 

The  US  Government  is  tardily  going  through  a  formal  process  to  replace  the  DES. 
This  effort,  called  the  Advanced  Encryption  Standard,  will  take  several  years  to 
decide  on  a  final  algorithm,  and  more  years  for  it  to  be  proven  out  in  actual  use, 
and  carefully  scrutinized  by  public  cryptanalysts  for  hidden  weaknesses.  If  you  are 
designing  products  to  appear  five  to  ten  years  from  now,  the  AES  might  be  a  good 
source  of  an  encryption  algorithm  for  you. 

The  reason  that  the  AES  is  tardy  is  because  the  NSA  is  believed  to  have  blocked 
previous attempts to begin the process over the last decade. In recent years NSA
has tried, without success, to get the technical community to use classified,
NSA-designed encryption algorithms such as Skipjack, without letting the users subject
these algorithms to public scrutiny. Only after this effort failed did they permit the
National Institute of Standards and Technology to begin the AES standardization
process.


* "Cryptanalysis of Triple-Modes of Operation", Eli Biham, Technion Computer Science Department
Technical Report CS0885, 1996.

† "Cryptanalysis of some Recently Proposed Multiple Modes of Operation", David Wagner, University of
California at Berkeley, http://www.cs.berkeley.edu/~daw/multmode-fse98.ps. Presented
at the 1998 Fast Software Encryption workshop.

Conclusion 

The  Data  Encryption  Standard  has  served  the  public  pretty  well  since  1975.  But  it 
was designed in an era when computation cost real money, when massive computers
hunkered on special raised flooring in air-conditioned inner sanctums. In an
era  when  you  can  carry  a  supercomputer  in  your  backpack,  and  access  millions  of 
machines  across  the  Internet,  the  Data  Encryption  Standard  is  obsolete. 

The  Electronic  Frontier  Foundation  hopes  that  this  book  inspires  a  new  level  of 
truth  to  enter  the  policy  debates  on  encryption.  In  order  to  make  wise  choices  for 
our  society,  we  must  make  well-informed  choices.  Great  deference  has  been  paid 
to  the  perspective  and  experience  of  the  National  Security  Agency  and  Federal 
Bureau  of  Investigation  in  these  debates.  This  is  particularly  remarkable  given  the 
lack  of  any  way  for  policy-makers  or  the  public  to  check  the  accuracy  of  many  of 
their  statements.*  (The  public  cannot  even  hear  many  of  their  statements,  because 
they  are  classified  as  state  secrets.)  We  hope  that  the  crypto  policy  debate  can 
move  forward  to  a  more  successful  and  generally  supported  policy.  Perhaps  if 
these  agencies  will  consider  becoming  more  truthful,  or  policy-makers  will  stop 
believing  unverified  statements  from  them,  the  process  can  move  more  rapidly  to 
such  a  conclusion. 


*  DES  cracking  is  not  the  only  issue  on  which  agency  credibility  is  questionable.  For  example,  the 
true  extent  of  the  law  enforcement  problem  posed  by  cryptography  is  another  issue  on  which  official 
dire  predictions  have  been  made,  while  more  careful  and  unbiased  studies  have  shown  little  or  no 
impact.  The  validity  of  the  agencies'  opinion  of  the  constitutionality  of  their  own  regulations  is  also  in 
doubt,  having  been  rejected  two  decades  ago  by  the  Justice  Department,  and  declared  unconstitutional 
in 1997 by a Federal District Court. The prevalence of illegal wiretapping and communications
interception by government employees is also in question; see for example the Los Angeles Times story of
April 26, 1998, "Can the L.A. Criminal-Justice System Work Without Trust?"

On-Chip Registers


Each chip contains the following registers. They are addressed as specified in Figure
2-1.

Ciphertext0 (64 bits = 8 bytes)

The value of the first ciphertext being searched. Ciphertext0 is identical in all
search units and is set only once (when the search system is first initialized).

Ciphertext1 (64 bits = 8 bytes)

The value of the second ciphertext being searched. Ciphertext1 is identical in all
search units and is set only once (when the search system is first initialized).

PlaintextByteMask  (8  bits) 

The  plaintext  byte  selector.  One-bits  in  this  register  indicate  plaintext  bytes  that 
should be ignored when deciding whether or not the plaintext produced by a particular
key is possibly correct. This mask is helpful when only a portion of the
plaintext's  value  is  known.  For  example,  if  the  first  5  bytes  equal  a  known  header 
but  the  remaining  three  are  unknown,  a  PlaintextByteMask  of  0x07  would  be 
used. 

PlaintextXorMask  (64  bits  =  8  bytes) 

This register is XORed with decryption of Ciphertext0. This is normally filled with
the CBC mode IV.


PlaintextVector (256 bits = 8 bytes)

Identifies allowable plaintext byte values (ignoring those masked by the
PlaintextByteMask). If, for any plaintext byte P[i=0..7], bit P[i] is not set, the decryption
key will be rejected. PlaintextVector is identical in all search units and is set only
once (when the search system is first initialized).

SearchInfo (8 bits)

The bits in SearchInfo describe how the correct plaintext identification function
works. Bits of SearchInfo are defined as follows:

bit 0 = UseCBC

If this bit is set, Ciphertext0 is XORed onto the plaintext produced by
decrypting Ciphertext1 before the plaintext is checked. This bit is used
when checking CBC-mode ciphertexts.

bit  1  =  ExtraXOR 

If  set,  the  right  half  of  the  resulting  plaintext  is  XORed  onto  the  left  before 
any  plaintext  checking  is  done.  ExtraXOR  and  UseCBC  cannot  be  used 
together. 

bit  2  =  ChipAllActive 

If  cleared,  one  or  more  search  units  in  this  chip  have  halted  (e.g., 
SearchActive  is  zero).  This  value  is  computed  by  ANDing  the  SearchActive 
bits  of  all  search  units'  SearchStatus  bytes.  The  inverse  of  this  value  is  sent 
out  on  a  dedicated  pin,  for  use  in  driving  a  status  LED  which  lights  up 
whenever  the  chip  halts. 

bit  3  =  BoardAllActive 

This pin is the AND of the ChipAllActive lines of this chip and all later
chips on the board. This is implemented by having each chip n take in
chip n+1's BoardAllActive line, AND it with its own ChipAllActive line,
and output the result to chip n-1 for its BoardAllActive computation. This
makes it possible to find which chip on a board has halted by querying
log2 N chips, where N is the number of chips on the board. If
BoardAllActiveEnable is not set to 1, BoardAllActive simply equals the
BoardAllActiveInput pin, regardless of the chip's internal state.

bit  4  =  BoardAllActiveEnable 

If this value is set to 0 then BoardAllActive always equals the
BoardAllActiveInput pin, regardless of whether all search units on the board are
active. If this bit is set to 1, then the BoardAllActive register (and output)
are set to reflect the internal state of the chip ANDed with the input pin.

bits  5-7  =  Unused 

KeyCounter  (56  bits) 

The value of the key currently being checked. The KeyCounter is updated very
frequently  (i.e.,  once  per  key  tested).  A  unique  KeyCounter  value  is  assigned  to 
every  search  unit.  When  the  search  unit  halts  after  a  match,  KeyCounter  has 
already  been  incremented  to  the  next  key;  the  match  was  on  the  previous  key. 

SearchCommandAndStatus  (8  bits) 

The bits in SearchStatus describe the current search state of a specific search unit.
A unique SearchStatus register is allocated for each search unit. Bits of SearchStatus
are allocated as follows:

bit 0 = SearchActive

Indicates whether the search is currently halted (0=halted, 1=active). The
computer sets this bit to begin a search, and it is cleared by the search
unit if a matching candidate key is found. The host computer checks the
status of this bit periodically and, if it is zero, reads out the key then
restarts the search. (See also ChipAllActive and BoardAllActive in the
SearchInfo register.)

bit  1  =  CiphertextSelector 

Indicates whether the search engine is currently checking Ciphertext0 or
Ciphertext1. (0=Ciphertext0, 1=Ciphertext1). If this bit is clear, the search
engine decrypts Ciphertext0 and either sets CiphertextSelector to 1 (if the
plaintext passes the checks) or increments KeyCounter (if the plaintext
does not pass). If this bit is set, the search engine decrypts Ciphertext1
and either sets SearchActive to 0 (if the plaintext passes the checks) or
sets CiphertextSelector to 0 and increments KeyCounter (if the plaintext
does not pass).

bits  2-7  =  Unused 

Commands 

In order to be able to address each search unit separately, each can be addressed
uniquely by the combination of its location on the chip, the location of the chip
on the board, and the board's identifier. The BoardID is interpreted off-chip; each chip
has a board select pin, which notifies the chip when the board has been selected.
Chip ID matching is done inside each ASIC; the ID pins of the ASIC are wired to
the chip's ID.

All commands originate from the computer and go via a bus which carries 8 bits for
BoardID/ChipID/Register address, 8 bits for data, and a few additional bits for
controls.

To do a search, the host computer will program the search units as shown in Figure
2-2. (N is the total number of search units, numbered from 0 to N-1, each with
a unique BoardID/ChipID/Register address.)


Search  Unit  Operation 


Each search unit contains a DES engine, which performs DES on two 32-bit registers
L/R using the key value in KeyCounter. Each search unit goes through the
process  detailed  in  Figure  2-3,  and  never  needs  to  halt.  If  registers  are  updated 
during  the  middle  of  this  process,  the  output  is  meaningless  (which  is  fine,  since 
an  incorrect  output  is  statistically  almost  certain  to  not  be  a  match). 




Figure 2-2: Example algorithm for programming
the search array using host computer

This is a very simple algorithm intended only as an example. The actual software
will use more intelligent search techniques, using the BoardAllActive
and ChipAllActive lines.

Load Ciphertext0, Ciphertext1, PlaintextXorMask, PlaintextByteMask,
    PlaintextVector, and SearchInfo into each chip.
For i = 0 upto N-1
    Set SearchStatus in search unit i to 0 while loading the key.
    Set KeyCounter of search unit i to ((2^56)(i) / N).
    Set SearchStatus in search unit i to 1 to enable SearchActive.
EndFor

While correct key has not been found:
    For i = 0 upto N-1:
        Read SearchStatus from search unit i.
        Check SearchActive bit.
        If SearchActive is set to 0:
            Read KeyCounter from search unit i.
            Subtract 1 from the low 32 bits of the key.
            Perform a DES operation at the local computer to check the key.
            If the key is correct, the search is done.
            Set the SearchActive bit of SearchStatus to restart the search.
        EndIf
    EndFor
EndWhile


Sample  Programming  Descriptions 

This section describes how the system will be programmed for some typical operations.

Known  ciphertext/plaintext  (ECB,  CBC,  etc.) 

If  a  complete  ciphertext/plaintext  block  is  known,  this  mode  is  used.  This  works 
for most DES modes (ECB, CBC, counter, etc.), but does require a full
plaintext/ciphertext pair.

PlaintextVector 

For this search, there are 8 (or fewer) unique plaintext bytes in the known plaintext.
The bits corresponding to these bytes are set in PlaintextVector, but all other
bits are set to 0.

Figure 2-3: Search unit operation

1. If CiphertextSelector is 0, then Let L/R = Ciphertext0.
   If CiphertextSelector is 1, then Let L/R = Ciphertext1.

2. Decrypt L/R using the key in KeyCounter, producing a candidate
   plaintext in L/R.

3. If ExtraXOR is 1, then Let L = L XOR R.
   If CiphertextSelector is 0, then
       Let L/R = L/R XOR PlaintextXorMask.
   If CiphertextSelector is 1 and UseCBC is 1, then:
       Let L/R = L/R XOR Ciphertext0.

4. If SearchActive = 1 AND (
       (PlaintextByteMask[0x80] = 0 AND PlaintextVector[byte 0 of L] is 0) OR
       (PlaintextByteMask[0x40] = 0 AND PlaintextVector[byte 1 of L] is 0) OR
       (PlaintextByteMask[0x20] = 0 AND PlaintextVector[byte 2 of L] is 0) OR
       (PlaintextByteMask[0x10] = 0 AND PlaintextVector[byte 3 of L] is 0) OR
       (PlaintextByteMask[0x08] = 0 AND PlaintextVector[byte 0 of R] is 0) OR
       (PlaintextByteMask[0x04] = 0 AND PlaintextVector[byte 1 of R] is 0) OR
       (PlaintextByteMask[0x02] = 0 AND PlaintextVector[byte 2 of R] is 0) OR
       (PlaintextByteMask[0x01] = 0 AND PlaintextVector[byte 3 of R] is 0)) then:
       Let CiphertextSelector = 0.
       Increment KeyCounter.
   else
       If CiphertextSelector is 1 then Let SearchActive = 0.
       Let CiphertextSelector = 1.

5. Go to step 1.


Ciphertext0

Equals the ciphertext block.

Ciphertext1

Equals the ciphertext block.

SearchInfo

UseCBC and ExtraXOR are both set to 0.

PlaintextByteMask

Set to 0x00 (all bytes used).

PlaintextXorMask

Set to 0x0000000000000000.

Because the plaintext byte order does not matter, there are 8 acceptable values for
each ciphertext byte, or 8^8 = 2^24 = 16.7 million possible ciphertexts which will
satisfy the search criteria. The probability that an incorrect ciphertext will pass is
2^24 / 2^64, so over a search of 2^55 keys there will be an average of
(2^55)(2^24 / 2^64), or 32768 false positives which will need to be rejected by the
controlling computer. Because the Ciphertext0 and Ciphertext1 selections are identical,
any false positives that pass the first test will also pass the second test. (The performance
penalty is negligible; the search system will do two DES operations on each of the
32768 false positive keys, but only one DES operation on all other incorrect keys.)

ASCII  text  (ECB  or  CBC) 

A  minimum  of  two  adjacent  ciphertexts  (16  bytes  total)  are  required  for  ASCII-only 
attacks. 

PlaintextVector 

Set only the bits containing acceptable ASCII characters. For normal text, this
would normally include the 55 of the 256 possible characters that occur (10=line feed,
13=carriage return, 32=space, 65-90=capital letters, and 97-122=lowercase letters).

Ciphertext0

Equals the first ciphertext.

Ciphertext1

Equals the second ciphertext.

SearchInfo

UseCBC  is  set  to  0  if  ECB,  or  set  to  1  if  the  ciphertext  was  produced  using  CBC. 

ExtraXOR  is  set  to  0. 

PlaintextByteMask 

Set  to  0x00  (all  bytes  used). 

PlaintextXorMask 

Set  to  0x0000000000000000  for  ECB,  to  IV  for  CBC. 

The probability that the two (random) candidate plaintexts produced by an incorrect
key will contain only the ASCII text characters listed above is (55/256)^16. In a
search, there will thus be an average of 2^55 (55/256)^16 = 742358 false positives
which need to be rejected by the computer. For one key in about 220,000, the first
check will pass and an extra DES will be required. (The time for these extra DES
operations is insignificant.) Idle time lost while waiting for false positives to be
cleared is also insignificant. If the computer checks each search unit's SearchActive
flag once per second, a total of 0.5 search unit seconds will be wasted for every
false positive, or a total of 103 search-unit hours, out of about 4 million search-unit
hours for the whole search.

When  programming  CBC  mode,  note  that  the  PlaintextXorMask  must  be  set  to  the 
IV  (or  the  previous  ciphertext,  if  the  ciphertext  being  attacked  is  not  in  the  first 
block). 

Matt  Blaze's  Challenge 

The  goal  is  to  find  a  case  where  all  plaintext  bytes  are  equal  and  all  ciphertext 
bytes  are  equal. 

PlaintextVector 

Set  only  bit  0. 

Ciphertext0

Set to a fixed value with all bytes equal.

Ciphertext1

Same as Ciphertext0.

SearchInfo

UseCBC is set to 0. ExtraXOR is set to 1.

PlaintextByteMask

Set to 0x0F (only left half examined).

PlaintextXorMask

Set to 0x0000000000000000.

If the right and left half are equal, as must be the case if all plaintext bytes are the
same, then when the ExtraXOR bit's status causes the L=L XOR R step, L will
become equal to 0. The plaintext byte mask selects only the left half and the
PlaintextVector makes sure the 4 bytes are 0.

False positives occur whenever L=R, or with one key in 2^32. Because this search is
not guaranteed to terminate after 2^56 operations, the average time is 2^56 (not 2^55).
The number of false positives is expected to be 2^56 / 2^32 = 2^24 = 16.8 million. Each
search unit will thus find a false positive every 2^32 keys on average, or about once
every half hour. At 1 second polling of search units, (0.5 × 16.8 million)/3600 =
2333 search unit hours will be idle (still under 1% of the total). The host computer
will need to do the 16.8 million DES operations (on average), but even a fairly
poor DES implementation can do this in just a few minutes.
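
The plaintext filter of Figure 2-3, with the ASCII-text register settings described above, modelled in C as an added example (it is not code from this book or from the project's host software). The struct layout, the bit order inside plaintext_vector and the toy_decrypt stand-in for the DES engine are assumptions, and the plaintext, key 5 and IV are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Chip-wide registers, named as in the register list (C layout is assumed). */
typedef struct {
    uint64_t ciphertext0, ciphertext1, plaintext_xor_mask;
    uint8_t  plaintext_byte_mask;  /* 1-bit = ignore byte; 0x80 = byte 0 of L */
    uint8_t  plaintext_vector[32]; /* 256 flags; flag v set = value v allowed */
    int      use_cbc, extra_xor;   /* SearchInfo bits 0 and 1 */
} chip_regs;

/* Per-search-unit state: KeyCounter plus the two SearchStatus bits. */
typedef struct {
    uint64_t key_counter;
    int      search_active, ciphertext_selector;
} search_unit;

typedef uint64_t (*decrypt_fn)(uint64_t key, uint64_t block);

void vector_allow(chip_regs *r, unsigned v) {
    r->plaintext_vector[v >> 3] |= (uint8_t)(1u << (v & 7));
}

/* PlaintextVector for the "ASCII text" search: the 55 values listed above. */
void load_ascii_vector(chip_regs *r) {
    for (unsigned c = 0; c < 32; c++) r->plaintext_vector[c] = 0;
    vector_allow(r, 10); vector_allow(r, 13); vector_allow(r, 32);
    for (unsigned c = 'A'; c <= 'Z'; c++) vector_allow(r, c);
    for (unsigned c = 'a'; c <= 'z'; c++) vector_allow(r, c);
}

/* Figure 2-3 step 3: ExtraXOR, then the XOR mask (block 0) or CBC (block 1). */
uint64_t post_process(const chip_regs *r, int selector, uint64_t lr) {
    if (r->extra_xor) lr ^= (lr & 0xFFFFFFFFULL) << 32;  /* L = L XOR R */
    if (selector == 0) lr ^= r->plaintext_xor_mask;
    else if (r->use_cbc) lr ^= r->ciphertext0;
    return lr;
}

/* Figure 2-3 step 4 test: 1 if every unmasked byte has its vector flag set. */
int plaintext_passes(const chip_regs *r, uint64_t lr) {
    for (int i = 0; i < 8; i++) {
        unsigned v = (unsigned)(lr >> (56 - 8 * i)) & 0xFF;
        if (r->plaintext_byte_mask & (0x80 >> i)) continue;
        if (!(r->plaintext_vector[v >> 3] & (1u << (v & 7)))) return 0;
    }
    return 1;
}

/* One pass through Figure 2-3; a halted unit is modelled as a no-op. As the
 * figure is written, KeyCounter still holds the matching key at the halt; the
 * register text says the chip has advanced it, hence Figure 2-2's subtract. */
void search_unit_step(const chip_regs *r, search_unit *u, decrypt_fn dec) {
    if (!u->search_active) return;
    uint64_t ct = u->ciphertext_selector ? r->ciphertext1 : r->ciphertext0;
    uint64_t lr = post_process(r, u->ciphertext_selector, dec(u->key_counter, ct));
    if (!plaintext_passes(r, lr)) {
        u->ciphertext_selector = 0;
        u->key_counter = (u->key_counter + 1) & 0x00FFFFFFFFFFFFFFULL;
    } else {
        if (u->ciphertext_selector) u->search_active = 0;
        u->ciphertext_selector = 1;
    }
}

/* CONSTRUCTED stand-in for the DES engine (NOT DES): XORs each byte of the
 * block with the low key byte, so the example stays short and offline. */
uint64_t toy_decrypt(uint64_t key, uint64_t block) {
    return block ^ ((key & 0xFF) * 0x0101010101010101ULL);
}

/* Constructed two-block ASCII search; returns the key the unit halts on and
 * stores the number of decryptions performed (-1 if it never halted). */
uint64_t demo_ascii_search(int use_cbc, long *decryptions) {
    const uint64_t iv = 0x1122334455667788ULL;      /* constructed IV */
    const uint64_t kx = 5 * 0x0101010101010101ULL;  /* constructed key 5 */
    const uint64_t p0 = 0x5468652071756963ULL;      /* "The quic" */
    const uint64_t p1 = 0x6B2062726F776E20ULL;      /* "k brown " */
    chip_regs r = {0};
    search_unit u = {0, 1, 0};  /* KeyCounter 0, SearchActive 1, selector 0 */
    long n = 0;
    load_ascii_vector(&r);
    r.use_cbc = use_cbc;
    r.plaintext_xor_mask = use_cbc ? iv : 0;
    r.ciphertext0 = (use_cbc ? p0 ^ iv : p0) ^ kx;
    r.ciphertext1 = (use_cbc ? p1 ^ r.ciphertext0 : p1) ^ kx;
    while (u.search_active && n < 1000) { search_unit_step(&r, &u, toy_decrypt); n++; }
    *decryptions = u.search_active ? -1 : n;
    return u.key_counter;
}

int main(void) {
    long n;
    unsigned long long k = demo_ascii_search(1, &n);
    printf("halted on key %llu after %ld decryptions\n", k, n);
    return 0;
}
```

With the constructed data the unit spends one decryption on each of keys 0 to 4, which fail on the first block, and two on key 5, which passes both blocks.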

Scalability and Performance

The  architecture  was  intended  to  find  DES  keys  in  less  than  10  days  on  average. 
The  performance  of  the  initial  implementation  is  specified  in  Figure  2-4.  Faster 
results  can  be  easily  obtained  with  increased  hardware;  doubling  the  amount  of 
hardware  will  halve  the  time  per  result.  Within  the  design,  boards  of  keysearch 
ASICs  can  be  added  and  removed  easily,  making  it  simple  to  make  smaller  or 
larger  systems,  where  larger  systems  cost  more  but  find  results  more  quickly. 
Larger  systems  will  have  additional  power  and  cooling  requirements. 


Figure 2-4: Performance Estimate

Total ASICs                              1536
Search units per ASIC                    24
Total search units                       36864
Clock speed (Hz)                         4.00E+07
Clocks per key (typical)                 16
DES keys per search unit per second      2.50E+06
Total DES keys per second                9.22E+10
Search size (worst case)                 7.21E+16
Seconds per result (worst case)          7.82E+05
Days per result (worst case)             9.05
Search size (average case)               3.60E+16
Seconds per result (average case)        3.91E+05
Days per result (average case)           4.52

Host  Computer  Software 

Cryptography  Research  will  write  the  following  software: 

Simulation 

Cryptography  Research  will  develop  software  to  generate  test  vectors  for  the  chip 
for  testing  before  the  design  is  sent  to  the  fab.  This  software  will  test  all  features 
on the chip and all modes of operation. This program will have a simple command
line interface.

Host  computer 

The host computer software program will implement the standard search tasks of
breaking a known plaintext, breaking encrypted ASCII text (ECB and CBC
modes), and solving the Matt Blaze challenge. These programs will be written in
standard ANSI C, except for platform-specific I/O code. The host program will also
have a test mode, which loads search units with tasks that are known to halt
reasonably quickly (e.g., after searching a few million keys) and verifies the results to
detect any failed parts. (The software will include the capability of bypassing
bad search units during search operations.) Users who wish to perform unusual
searches will need to add a custom function to determine whether candidate
keys are actually correct and recompile the code.

The  initial  version  of  this  program  will  have  a  simple  command  line  interface  and 
will  be  written  for  DOS.  A  Linux  port  will  also  be  written,  but  may  not  be  ready  by 
the  initial  target  completion  date.  (Because  the  only  platform-specific  code  will  be 
the I/O functions, it should be very easy to port to any platform with an appropriate
compiler.) Software programs will identify the participants in the project (AWT,
EFF,  and  Cryptography  Research). 

Cryptography  Research  will  also  produce  a  version  with  a  prettier  user  interface  to 
make  the  demonstration  more  elegant  (platform-to-be-determined). 

All  software  and  source  code  will  be  placed  in  the  public  domain. 


Glossary 


BoardID 

An  8-bit  identifier  unique  for  each  board.  This  will  be  set  with  a  DIP  switch  on  the 
board.  The  host  computer  addresses  chips  by  their  ChipID  and  BoardID. 

CBC  mode 

A DES mode in which the first plaintext block is XORed with an initialization vector
(IV) prior to encryption, and each subsequent plaintext is XORed with the previous
ciphertext.

ChipID 

A  value  used  by  the  host  computer  to  specify  which  chip  on  a  board  is  being 
addressed. 

Ciphertext 

Encrypted  data. 

Ciphertext0

The first of the two ciphertexts to be attacked.

Ciphertext1

The second of the two ciphertexts to be attacked.


Pre-ANSI C can be supported if required. Any GUI code will probably be written in C++.

CiphertextSelector

A  register  used  to  select  the  current  ciphertext  being  attacked.  The  selector  is 
needed  because  a  single  DES  engine  needs  to  be  able  to  test  two  ciphertexts  to 
determine  whether  both  are  acceptable  matches  before  deciding  that  a  key  is  a 
good  match. 

DES 

The  Data  Encryption  Standard. 

ExtraXOR 

A  register  to  make  the  search  units  perform  an  extra  operation  which  XORs  the 
right  and  left  halves  of  the  result  together.  This  is  used  to  add  support  for  Matt 
Blaze's  DES  challenge. 

Host  computer 

The  computer  that  controls  the  DES  search  array. 

KeyCounter 

Each  search  unit  has  a  KeyCounter  register  which  contains  the  current  key  being 
searched.  These  registers  are  each  7  bytes  long,  to  hold  a  56-bit  key. 

Plaintext 

Unencrypted  data  corresponding  to  a  ciphertext. 

PlaintextByteMask 

An 8-bit register used to mask off plaintext bytes. This is used to mask off bytes in
the plaintext whose values aren't known or are too variable to list in the
PlaintextVector.

PlaintextVector 

A 256-bit register used to specify which byte values can be present in valid
plaintexts. It is the host computer's responsibility to ensure that only a reasonable
number of bits are set in the PlaintextVector; setting too many will cause the DES
search units to halt too frequently.

PlaintextXorMask 

A 64-bit register XORed onto the value derived by decrypting ciphertext 0. Normally
this mask is either zero or set to the CBC mode initialization vector (IV).

SearchActive 

A  bit  for  each  search  unit  which  indicates  whether  it  is  currently  searching,  or 
whether  it  has  stopped  at  a  candidate  key.  Stopped  search  units  can  be  restarted 
by  loading  a  key  which  does  not  halt  and  resetting  this  bit. 

SearchInfo

A register containing miscellaneous information about how DES results should be
post-processed and also indicating whether any search units on the chip or on the
board have halted.

UseCBC

A bit in SearchInfo which directs the search engine to do CBC-mode post-processing
after decryption (e.g., XOR the decryption of ciphertext1 with ciphertext0 to
produce plaintext1).
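
How the registers defined in this glossary combine into a search unit's accept/reject decision, as an added Python example (not code from the book). The byte-mask polarity and bit order, the placement of the ExtraXOR result, and the sample IV and ciphertext values are assumptions; no DES is performed, the 64-bit inputs stand for blocks already decrypted under a candidate key.

```python
# Added illustration, not the book's code. Models only the plaintext filter that
# follows decryption; the 64-bit inputs stand for blocks already decrypted under
# a candidate key. Bit/byte ordering and mask polarity below are assumptions.

def make_vector(allowed):
    """256-bit PlaintextVector: bit v is set when byte value v may occur."""
    vec = 0
    for v in allowed:
        vec |= 1 << v
    return vec


def post_process(block, selector, cfg):
    """ExtraXOR, then PlaintextXorMask (ciphertext 0) or CBC chaining (ciphertext 1)."""
    left, right = block >> 32, block & 0xFFFFFFFF
    if cfg["extra_xor"]:
        left ^= right  # assumption: the XOR of the halves lands in the left half
    block = (left << 32) | right
    if selector == 0:
        return block ^ cfg["plaintext_xor_mask"]
    if cfg["use_cbc"]:
        return block ^ cfg["ciphertext0"]
    return block


def matches(block, cfg):
    """Every byte not masked off must have its bit set in PlaintextVector."""
    for i, value in enumerate(block.to_bytes(8, "big")):
        masked = (cfg["byte_mask"] >> (7 - i)) & 1  # assumption: 1 = ignore, MSB = first byte
        if not masked and not (cfg["vector"] >> value) & 1:
            return False
    return True


def unit_halts(dec0, dec1, cfg):
    """A unit stops only when both ciphertexts decrypt to acceptable plaintext."""
    return (matches(post_process(dec0, 0, cfg), cfg)
            and matches(post_process(dec1, 1, cfg), cfg))


def expected_false_halts(cfg, key_bits=56):
    """Wrong keys expected to halt, treating wrong-key output as uniform random bytes."""
    allowed = bin(cfg["vector"]).count("1")
    checked = 8 - bin(cfg["byte_mask"] & 0xFF).count("1")
    per_block = (allowed / 256) ** checked
    return 2 ** key_bits * per_block ** 2


# Constructed sample: two CBC blocks of printable text, made-up IV and ciphertext 0.
IV = 0x0123456789ABCDEF
C0 = 0xFEDCBA9876543210
P0 = int.from_bytes(b"Subject:", "big")
P1 = int.from_bytes(b" Hello\r\n", "big")
PRINTABLE = make_vector(list(range(0x20, 0x7F)) + [0x09, 0x0A, 0x0D])
CFG = {"vector": PRINTABLE, "plaintext_xor_mask": IV, "ciphertext0": C0,
       "byte_mask": 0x00, "use_cbc": True, "extra_xor": False}

# What the right key's raw decryptions look like before post-processing (CBC):
RIGHT0, RIGHT1 = P0 ^ IV, P1 ^ C0

if __name__ == "__main__":
    print("right key halts:", unit_halts(RIGHT0, RIGHT1, CFG))
    print("expected false halts over 2^56 keys: %.3g" % expected_false_halts(CFG))
```

With 64 of the 256 vector bits set and no bytes masked, this model predicts 2^24 wrong keys halting across the key space, which is the cost the PlaintextVector entry warns about.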


In this chapter:

•  ASIC Description
•  Board description
•  Read and Write Timing
•  Addressing Registers


ASIC Description

Select1: Selects ciphertext 1
C0: Ciphertext 0
C1: Ciphertext 1
Search: Search is active
K: Key
Mask: Plaintext bit mask and DES output
Match=0: A zero is found in any bit position of the plaintext vector as specified in
step 4 of Search Unit Operation (see Chapter 2)
CBC & Extra XOR: Perform step 3 of Search Unit Operation (see Chapter 2)

[Flow chart; surviving box labels: L/R = C0, L/R = C1]

Figure 3-1: Search Unit Operation Flow Chart

To determine the maximum number of bits required for the Key:

K = log2(Maximum combinations / number of chips)
  = log2(2^56 / (24 cpc * 64 cpb * 24 boards)) = log2(1.95E12) = 42 bits

If we are going to use 32-bit counters, then it will overflow every:

2^32 * 16 cycles * 25 ns = 1.72 * 10^12 ns = 1720 sec = 28.7 minutes

Figure 3-2: State Diagram for the Search Unit


Board  description 


The  PC  will  interface  with  the  ASICs  through  a  parallel  card.  The  parallel  card  has 
three  ports,  assigned: 

Port  A:  Address(7:0) 

Port  B:  Data(7:0) 

Port  C:  Control,  8  signals 

To reduce the routing resources on the boards and ASICs we multiplex the address
lines. To access a register on the ASIC, it is required that the software latch the
address three times: Board-ID(7:0), Chip-ID(6:0) and then Register address.

Figure 3-3: Search Unit's Block Diagram

Having switches on the board makes the design flexible and expandable. Each
board has its own unique Board-ID configured on switches: for example a board
with an ID of hexadecimal 5F has its board ID switches configured as follows:

Figure 3-4: Address Bus Scheme

All-active  Signal 

If low, one or more search units are halted. This value is the result of ANDing all
of the SearchActive bits together. We will place one AND gate per ASIC and cascade
them.

ASIC Register Allocation

Registers Common to All Search Units

0x00-0x1f   PlaintextVector
0x20-0x27   PlaintextXorMask
0x28-0x2f   CipherText0
0x30-0x37   CipherText1
0x38        PlaintextByteMask
0x39-0x3e   Reserved
0x3f        SearchInfo

Additional Registers for Search Units

0x40-0x47   Search Unit 0:  Key counter (first 7 bytes) and Search Status
0x48-0x4f   Search Unit 1:  Key counter (first 7 bytes) and Search Status
...
0xf8-0xff   Search Unit 23: Key counter (first 7 bytes) and Search Status

Number of registers required:

58 common registers + 8 * n registers; n = the total number of search units in an ASIC
In this case n = 24, therefore 58 + 192 = 250 registers




Scanning the Source Code


The next few chapters of this book contain specially formatted versions of the
documents that we wrote to design the DES Cracker. These documents are the
primary sources of our research in brute-force cryptanalysis, which other researchers
would need in order to duplicate or validate our research results.

The  Politics  of  Cryptographic  Source 
Code 

Since  we  are  interested  in  the  rapid  progress  of  the  science  of  cryptography,  as 
well  as  in  educating  the  public  about  the  benefits  and  dangers  of  cryptographic 
technology,  we  would  have  preferred  to  put  all  the  information  in  this  book  on 
the  World  Wide  Web.  There  it  would  be  instantly  accessible  to  anyone  worldwide 
who  has  an  interest  in  learning  about  cryptography. 

Unfortunately the authors live and work in a country whose policies on cryptography
have been shaped by decades of a secrecy mentality and covert control. Powerful
agencies which depend on wiretapping to do their jobs — as well as to do
things that aren't part of their jobs, but which keep them in power — have
compromised both the Congress and several Executive Branch agencies. They
convinced Congress to pass unconstitutional laws which limit the freedom of
researchers — such as ourselves — to publish their work. (All too often,
convincing Congress to violate the Constitution is like convincing a cat to follow a
squeaking can opener, but that doesn't excuse the agencies for doing it.) They pressured
agencies such as the Commerce Department, State Department, and Department of
Justice to not only subvert their oaths of office by supporting these
unconstitutional laws, but to act as front-men in their repressive censorship scheme,
creating unconstitutional regulations and enforcing them against ordinary researchers
and authors of software.

The  National  Security  Agency  is  the  main  agency  involved,  though  they  seem  to 
have  recruited  the  Federal  Bureau  of  Investigation  in  the  last  several  years.  From 
the  outside  we  can  only  speculate  what  pressures  they  brought  to  bear  on  these 
other parts of the government. The FBI has a long history of illicit wiretapping,
followed by use of the information gained for blackmail, including blackmail of
Congressmen and Presidents. FBI spokesmen say that was "the old bad FBI" and that
all  that  stuff  has  been  cleaned  up  after  J.  Edgar  Hoover  died  and  President  Nixon 
was  thrown  out  of  office.  But  these  agencies  still  do  everything  in  their  power  to 
prevent  ordinary  citizens  from  being  able  to  examine  their  activities,  e.g. 
stonewalling  those  of  us  who  try  to  use  the  Freedom  of  Information  Act  to  find 
out  exactly  what  they  are  doing. 

Anyway,  these  agencies  influenced  laws  and  regulations  which  now  make  it  illegal 
for U.S. crypto researchers to publish their results on the World Wide Web (or
elsewhere in electronic form).

The  Paper  Publishing  Exception 

Several  cryptographers  have  brought  lawsuits  against  the  US  Government  because 
their  work  has  been  censored  by  the  laws  restricting  the  export  of  cryptography. 
(The  Electronic  Frontier  Foundation  is  sponsoring  one  of  these  suits,  Bernstein  v. 
Department  of  Justice,  et  al).*  One  result  of  bringing  these  practices  under  judicial 
scrutiny  is  that  some  of  the  most  egregious  past  practices  have  been  eliminated. 

For example, between the 1970's and early 1990's, NSA actually did threaten people
with prosecution if they published certain scientific papers, or put them into
libraries.  They  also  had  a  "voluntary"  censorship  scheme  for  people  who  were 
willing  to  sign  up  for  it.  Once  they  were  sued,  the  Government  realized  that  their 
chances  of  losing  a  court  battle  over  the  export  controls  would  be  much  greater  if 
they  continued  censoring  books,  technical  papers,  and  such. 

Judges understand books. They understand that when the government denies people
the ability to write, distribute, or sell books, there is something very fishy
going  on.  The  government  might  be  able  to  pull  the  wool  over  a  few  judges'  eyes 
about  jazzy  modern  technologies  like  the  Internet,  floppy  disks,  fax  machines, 
telephones,  and  such.  But  they  are  unlikely  to  fool  the  judges  about  whether  it's 
constitutional  to  jail  or  punish  someone  for  putting  ink  onto  paper  in  this  free 
country. 


* See http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/.

Therefore, the last serious update of the cryptography export controls (in 1996)
made  it  explicit  that  these  regulations  do  not  attempt  to  regulate  the  publication  of 
information  in  books  (or  on  paper  in  any  format).  They  waffled  by  claiming  that 
they  "might"  later  decide  to  regulate  books  —  presumably  if  they  won  all  their 
court  cases  —  but  in  the  meantime,  the  First  Amendment  of  the  United  States 
Constitution  is  still  in  effect  for  books,  and  we  are  free  to  publish  any  kind  of 
cryptographic  information  in  a  book.  Such  as  the  one  in  your  hand. 

Therefore,  cryptographic  research,  which  has  traditionally  been  published  on 
paper, shows a trend to continue publishing on paper, while other forms of
scientific research are rapidly moving online.

The  Electronic  Frontier  Foundation  has  always  published  most  of  its  information 
electronically.  We  produce  a  regular  electronic  newsletter,  communicate  with  our 
members  and  the  public  largely  by  electronic  mail  and  telephone,  and  have  built  a 
massive archive of electronically stored information about civil rights and
responsibilities, which is published for instant Web or FTP access from anywhere in the
world. 

We  would  like  to  publish  this  book  in  the  same  form,  but  we  can't  yet,  until  our 
court  case  succeeds  in  having  this  research  censorship  law  overturned.  Publishing 
a  paper  book's  exact  same  information  electronically  is  seriously  illegal  in  the 
United States, if it contains cryptographic software. Even communicating it
privately to a friend or colleague, who happens to not live in the United States, is
considered  by  the  government  to  be  illegal  in  electronic  form. 

The  US  Department  of  Commerce  has  officially  stated  that  publishing  a  World 
Wide  Web  page  containing  links  to  foreign  locations  which  contain  cryptographic 
software  "is  not  an  export  that  is  subject  to  the  Export  Administration  Regulations 
(EAR)."*  This  makes  sense  to  us  —  a  quick  reductio  ad  absurdum  shows  that  to 
make  a  ban  on  links  effective,  they  would  also  have  to  ban  the  mere  mention  of 
foreign  Universal  Resource  Locators.  URLs  are  simple  strings  of  characters,  like 
http://www.eff.org;  it's  unlikely  that  any  American  court  would  uphold  a 
ban  on  the  mere  naming  of  a  location  where  some  piece  of  information  can  be 
found. 

Therefore,  the  Electronic  Frontier  Foundation  is  free  to  publish  links  to  where 
electronic  copies  of  this  book  might  exist  in  free  countries.  If  we  ever  find  out 
about  such  an  overseas  electronic  version,  we  will  publish  such  a  link  to  it  from 
the page at http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking/.


* In the letter at http://samsara.law.cwru.edu/comp_law/jvd/pdj-bxa-gjs070397.htm,
which is part of Professor Peter Junger's First Amendment lawsuit over the crypto
export control regulations.


Scanning


When  printing  this  book,  we  used  tools  from  Pretty  Good  Privacy,  Inc  (which  has 
since  been  merged  into  Network  Associates,  Inc.).  They  built  a  pretty  good  set  of 
tools  for  scanning  source  code,  and  for  printing  source  code  for  scanning.  The 
easiest  way  to  handle  the  documents  we  are  publishing  in  this  book  is  to  use  their 
tools  and  scanning  instructions. 

PGP  published  the  tools  in  a  book,  naturally,  called  "Tools  for  Publishing  Source 
Code  via  OCR",  by  Colin  Plumb,  Mark  H.  Weaver,  and  Philip  R.  Zimmermann, 
ISBN  #  1-891064-02-9.  The  book  was  printed  in  1997,  and  is  sold  by  Printers  Inc. 
Bookstore, 301 Castro St, Mountain View, California 94041 USA; phone +1 650 961
8500; http://www.pibooks.com.

The  tools  and  instructions  from  the  OCR  Tools  book  are  now  available  on  the 
Internet  as  well  as  in  PGP's  book.  See  http://www.pgpi.com/project/,  and 
follow  the  link  to  "proof-reading  utilities".  If  that  doesn't  work  because  the  pages 
have been moved or rearranged, try working your way down from the International
PGP page, http://www.pgpi.com.

PGP's tools produce per-line and per-page checksums, and make normally invisible
characters like tabs and multiple spaces explicit. Once you obtain these tools,
we  strongly  suggest  reading  the  textual  material  in  the  book,  or  the  equivalent 
README  file  in  the  online  tool  distribution.  It  contains  very  detailed  instructions 
for  scanning  and  proofreading  listings  like  those  in  this  book.  The  instructions  that 
follow  in  this  chapter  are  a  very  abbreviated  version. 

The first two parts of converting these listings to electronic form are to scan in
images  of  the  pages,  then  convert  the  images  into  an  approximation  of  the  text  on 
the  pages.  The  first  part  is  done  by  a  mechanical  scanner;  the  second  is  done  by 
an  Optical  Character  Recognition  (OCR)  program.  You  can  sometimes  rent  time  at 
a  local  "copy  shop"  on  a  computer  that  has  both  a  scanner  and  an  OCR  program. 

When  scanning  the  sources,  we  suggest  "training"  your  OCR  program  by  scanning 
the  test-file  pages  that  follow,  and  some  of  the  listings,  and  correcting  the  OCR 
program's  idea  of  what  the  text  actually  said.  The  details  of  how  to  do  this  will 
depend  on  your  particular  OCR  program.  But  if  you  straighten  it  out  first  about  the 
shapes  of  the  particular  characters  and  symbols  that  we're  using,  the  process  of 
correcting  the  errors  in  the  rest  of  the  pages  will  be  much  easier. 

Some unique characters are used in the listings; train the OCR program to convert
them as follows:

Right pointing triangle (used for tabs) - currency symbol (byte value octal 244)

Tiny centered triangle "dot" (used for multiple spaces) - center dot or bullet
(byte value octal 267)

Form feed - yen (byte value octal 245)

Big black square (used for line continuation) - pilcrow or paragraph symbol
(byte value octal 266).

Once  you've  scanned  and  OCR'd  the  pages,  you  can  run  them  through  PGP's  tools 
to  detect  and  correct  errors,  and  to  produce  clean  online  copies. 


Bootstrapping 


By  the  courtesy  of  Philip  R.  Zimmermann  and  Network  Associates,  to  help  people 
who don't have the PGP OCR tools, we have included PGP's bootstrap and
bootstrap2 pages. (The word bootstrap refers to the concept of "pulling yourself up by
your  bootstraps",  i.e.  getting  something  started  without  any  outside  help.)  If  you 
can  scan  and  OCR  the  pages  in  some  sort  of  reasonable  way,  you  can  then  extract 
the  corrected  files  using  just  this  book  and  a  Perl  interpreter.  It  takes  more  manual 
work  than  if  you  used  the  full  set  of  PGP  tools. 

The  first  bootstrap  program  is  one  page  of  fairly  easy  to  read  Perl  code.  Scan  in 
this  page,  as  carefully  as  you  can:  you'll  have  to  correct  it  by  hand.  Make  a  copy 
of  the  file  that  results  from  the  OCR,  and  manually  delete  the  checksums,  so  that  it 
will run as a Perl script. Then run this Perl script with the OCR result (with
checksums) as the argument. If you've corrected it properly, it will run and produce a
clean copy of itself, in a file called bootstrap. (Make sure none of your files
have that name.) If you haven't corrected it properly, the perl script will die
somehow and you'll have to compare it to the printed text to see what you missed.

When  the  bootstrap  script  runs,  it  checks  the  checksum  on  each  line  of  its  input 
file.  For  any  line  that  is  incorrect,  the  script  drops  you  into  a  text  editor  (set  by  the 
EDITOR  environment  variable)  so  you  can  fix  that  line.  When  you  exit  the  editor, 
it  starts  over  again. 

Once  the  bootstrap  script  has  produced  a  clean  version  of  itself,  you  can  run  it 
against  the  scanned  and  OCR'd  copy  of  the  bootstrap2  page.  Correct  it  the  same 
way,  line  by  line  until  bootstrap  doesn't  complain.  This  should  leave  you  with  a 
clean  copy  of  bootstrap2. 

The bootstrap2 script is what you'll use to scan in the rest of the book. It works
like the bootstrap script, but it can detect more errors by using the page
checksum. Again, it won't correct most errors itself, but will drop you into an
editor to correct them manually. (If you want automatic error correction, you have to
get the PGP book.)
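
The check, fix, start-over loop and the marker characters described in this chapter, as an added Python example (not PGP's bootstrap script, which is Perl). The four marker bytes are the ones listed above; the `<4 hex digits> <text>` line layout, the CRC-16/XMODEM checksum, the rule that blanks after a tab marker are padding, and the sample page are assumptions made for the illustration.

```python
# Added illustration, not PGP's bootstrap script. The marker bytes come from the
# chapter; the line layout ("<4 hex digits> <text>") and the CRC are stand-ins.
import binascii
import re

TAB, FORMFEED, CONTINUE, SPACE = "\xa4", "\xa5", "\xb6", "\xb7"  # octal 244, 245, 266, 267


def line_sum(text):
    """Stand-in per-line checksum: CRC-16/XMODEM of the Latin-1 bytes, 4 hex digits."""
    return format(binascii.crc_hqx(text.encode("latin-1"), 0), "04x")


def stamp(text):
    """Prefix a line with its checksum, as a printed listing would carry it."""
    return line_sum(text) + " " + text


def first_bad_line(lines):
    """1-based number of the first line whose checksum prefix fails, else None."""
    for number, line in enumerate(lines, 1):
        prefix, _, text = line.partition(" ")
        if prefix.lower() != line_sum(text):
            return number
    return None


def proofread(lines, corrections):
    """Check, fix the first bad line, start over; `corrections` plays the human editor."""
    lines, passes = list(lines), 0
    while True:
        passes += 1
        bad = first_bad_line(lines)
        if bad is None:
            return lines, passes
        if bad not in corrections:
            raise ValueError("line %d still fails its checksum" % bad)
        lines[bad - 1] = corrections.pop(bad)


def decode(lines):
    """Drop the checksums and turn the visible markers back into real characters."""
    out, pending = [], ""
    for line in lines:
        text = line.partition(" ")[2]
        text = re.sub(TAB + " *", "\t", text)  # assumption: blanks after the marker are padding
        text = text.replace(SPACE, " ").replace(FORMFEED, "\f")
        if text.endswith(CONTINUE):
            pending += text[:-1]               # wrapped line: join with the next one
            continue
        out.append(pending + text)
        pending = ""
    if pending:
        out.append(pending)
    return "\n".join(out) + "\n"


# Constructed page: what a correct scan would contain.
CLEAN = [stamp(t) for t in (
    "int main(void)",
    "{",
    TAB + '       char *s = "abc' + CONTINUE,
    'def";',
    TAB + "       return 0; " + SPACE + "/* done */",
    "}" + FORMFEED,
)]
# Constructed OCR damage: semicolon read as colon, zero read as letter O.
SCANNED = list(CLEAN)
SCANNED[3] = SCANNED[3].replace('";', '":')
SCANNED[4] = SCANNED[4].replace("0;", "O;")

if __name__ == "__main__":
    print("first bad line:", first_bad_line(SCANNED))
    fixed, passes = proofread(SCANNED, {4: CLEAN[3], 5: CLEAN[4]})
    print("passes needed:", passes)
    print(decode(fixed), end="")
```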

All  the  scannable  listings  in  this  book  are  in  the  public  domain,  except  the  test-file, 
bootstrap, and bootstrap2 pages, which are copyrighted, but which Network
Associates permits you to freely copy. So none of the authors have put restrictions on
your  right  to  copy  their  listings  for  friends,  reprint  them,  scan  them  in,  publish 
them,  use  them  in  products,  etc.  However,  if  you  live  in  an  unfree  country,  there 
may  be  restrictions  on  what  you  can  do  with  the  listings  or  information  once  you 
have  them.  Check  with  your  local  thought  police. 
--a2b7  000063ee6a78001 0001  Page  1  of  test-file

2e0bc8  This  is  a  test  page  for  OCR  training.  -This  includes  many  possible 
206b53  glyphs  for  training  purposes. 
e4af 5a 

d96fef  ■!"#$%&'()*+,-. /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZII\:A^"abcdefghijklmno 
f2a107  !"#$%&' ()*+,-. /0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZi:\]A^'abcdefghijklmnop 
681 6d9  "#$%&'()*+,-. /01 23456789 :;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZi:\]A-,abcdefghijklmnopq 
e998f4  #$%&'()*+,-. /01 23456789 :;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZII\]A^'abcdefghijklmnopqr 
050dba  $%S'()*+,-./01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZC\]A^'abcdefghijklmnopqrs 
5ea3b1  %&'(>*+,-. /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\]A-'abcdefghijklmnopqrst 
8d72eb  8' ()*+,-. /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\]A^'abcdefghijklmnopqrstu 
333e8c  '()*  +  ,-. /0123456789: ; <=>?3ABC D E FGH I  J KLMNO PQR STU VWX Y Z [ \ ] A- ' abcdefghijklmnopqrstuv 
68465e  ()*  +  ,-. /0123456789:;<  =  >?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\:A-'abcdefghijklmnopqrstuvw 
84d756  )*  +  ,-. /01 23456789: ;<  =  >?aABCDEFGHIJKLMNOPQRSTUVWXYZC\]A-'abcdefghijklmnopqrstuvwx 
e334a8  *  +  ,-.  /01 23456789: ;<  =  >?aABCDEFGHIJKLMNOPQRSTUVWXYZi:\]A^'abcdefghijklmnopqrstuvwxy 
319bd3  +,-./0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ:\:A-'abcdefghijklmnopqrstuvwxyz 
d8390f  ,-./0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\]A-'abcdefghijklmnopqrstuvwxyz{ 
5120a8  -./0123456789:;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\:A_'abcdefghijklmnopqrstuvwxyz{! 
c29e23  ./01  23456789:  ;<  =  >?aABCDEFGHIJKLMNOPQRSTUVWXYZlI\DA-abcdefghijklmnopqrstuvwxyz{:j> 
f5152f  /01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ:\]A-,abcdefghijklmnopqrstuvwxyz<:!}~ 
e103f5  •!"#$%&'()*  +  ,-./: ;<  =  >?a[\DA^' { j }~  !"#$%&'()*  +  ,-./:;<  =  > ?a L" \ J A- 'C|> ~  !"#$%&'(>*+,- 
a65757  !"#$%&'()*  +  ,-./:;<  =  >?a:\:A-'-C!>"  !"#$%&'()*  +  ,-. /:;<  =  >?3II\:iA-'-C!}~  !"#$%&'()*  +  ,-. 
3f0d4d  '■#$%&• (>*  +  ,-. /:;<  =  >?aC\:A-*-ti>"  !"#$%&'()*  +  ,-. /:;<  =  >?aC\]A-'-C|>~  !"#$%&■ <)*  +  ,-./ 
39c2e4  #$%&  '()*  +  ,-./:; <=>?aC \ ]A- ' £ | > "  !"#$%&■()*+,-./:;<=> ?3C \ DA- *  -C  | > "  !"#$%&'()*  +  ,-./: 
af95c7  $%&'()*  +  ,-. /:;<  =  >?a:\]A^"{|>~  !  "#$%&■  ()*  +  ,-. /:;<  =  >?a[\]A^'-C|>~  !"#$%&•(>*+,-./:; 
bd83ed  %&'()*  +  ,-./:;  <  =  >?aH  \  II  A- '{  |  }  ~  !"#$%&'()*+,-. /:;<=>?a[\:A--{|>~  !"#$%&•()*+,-./:;< 
616284  &'()*  +  ,-. /:;<  =  >?aiI\]A^' { j }~  !" #$%&'()*+,-./:; <=> ?a I \ D A- *  *  |  > "  !"#$%&'()*  +  ,-./:;<  = 
27af 5a 

91caca  The  following  letters  are  often  confused: 

ce6e48  C  vs.  c  C  c  C  c  CC  cc  CCC  ccc  CcCc  cCcC  -0  vs.  o  0  o  0  o  00  oo  000  ooo  OoOo  0O0O 
666db7  P  vs.  p  P  p  P  p  PP  pp  PPP  ppp  PpPp  pPpP  -S  vs.  s  S  s  S  s  SS  ss  SSS  sss  SsSs  sSsS 
a1d639  U  vs.  u  U  u  U  u  UU  uu  UUU  uuu  UuUu  uUuU  -V  vs.  v  V  v  V  v  VV  vv  VVV  vvv  VvVv  vVvV 
3f1e31  W  vs.  w  W  w  W  w  WW  ww  WWW  www  WwWw  wWwW  -X  vs.  x  X  x  X  x  XX  xx  XXX  xxx  XxXx  xXxX 
3883cf  Y  vs.  y  Y  y  Y  y  YY  yy  YYY  yyy  YyYy  yYyY  -Z  vs.  z  Z  z  Z  z  ZZ  zz  ZZZ  zzz  ZzZz  zZzZ 
8bbbae  1  vs .  I  1  I  1  I  1 1  I  I  111  III  1111  1111  -9  vs.  g  9  g  9  g  99  gg  999  ggg  9g9g  g9g9 

e5035e  -  vs.  «-«-«  —  «« _~  ----  _,---  -a  vs.  a  a  a  a  a  aa  aa  333  aaa  3a3a  a3aa 

a  3 9 0 2  5  i  vs.  ;  i  ;  i  ;  i  i  ; ;  i  i  i  ; ; ;  i ; i ;  ; i ; i  • X    vs.  X  %  X  X    X  XX    XX  XXX    XXX  % X % X  X % X % 

408038  .  vs.  ••.  •-.  ••..  ••-...  ••••.  .  ••.  .  -i  vs.  7  i  7  i  7  i i  77  iii  777  i  7  i  7  7i7i 

406e48  C  vs.  c  C  c  C  c  CC  cc  CCC  ccc  CcCc  cCcC  -0  vs.  o  0  o  0  o  00  oo  000  ooo  OoOo  0O0O 

a0a  f  5a 

d4a6bb  Some  normally  non-printing  characters  are  printed. 

68c3d5  >        One  space:  One  tab:>     One  form  feed:¥ 

2ae0c3  >        Two  tabs:o       >        Two  spaces:  -Two  form  feeds:¥ 

c47e1d  ¥ 

62c06d  t>  Three  spaces:  --Three  tabs:>     >        >        One  trailing  space:* 

71af 5a 

82fc34  Very  long  lines  are  wrapped  as  follows: 

a53f7d  !"#$%S'()*+,-./01 23456789: ;<=>?aABCDEFGHIJKLMNOPQRSTUVWXYZ[\:A^'abcdefghijklmnol 

f7dc06  pqrstuvwxyz-C  | >"!"#$% 8' (>*+,-./ 01 23456789: ;<  =  >?3ABCDEFGHIJKLMN0PQRSTUVWXYZ[\]A-"i 

c2dace  abcdefghijklmnopqrstuvwxyz{!}~!,,#$%&'  ()*  +  ,-. /0123456789:;<  =  >?3ABCDEFGHIJKLMNOPQi 

aa1090  RSTUVWXYZ[\]A-,abcdefghijklmnopqrstuvwxyz£!}~!"#$%&,()*+,-./01 23456789: ;<=>?3ABi 

1 1 3f 71  CDEFGHIJKLMNOPQRSTUVWXYZ[\]A^'abcdefghijklmnopqrstuvwxyz{ [>"!"#$% 8' ()*+,-. /01231 

f2ff02  45678 

25af 5a 

4  f  7  5 1 f  >        >        int  some~identifierSwlook-like-this; 

d861db  >         >         #ifdef  OTH E R-D E F I N ES-LOOK-L I KE-TH I S 

5bdb4at>         >         t>         for(i=0;i<100;i++)-C 

c8f92d  >        >        >        >        if  (foo(  )  j  J  bar( )) 

073aae  >         >         >         >         >         variable  A=  F LAG-ONE j F LAG-TWO j F LAG-THREi 

64c29b  E; 

4a15b5  o        >        >        } 

aee89d  The  following  lines  have  77    underscores: 

2  a  6438  /* _-__, - ___ 

a77cb9  -MMl ______ ________________________ _*/ 

dca  f  5a 

33c707  i>        >        >        >        Tabs  and  spacesc-  -  -  *  >    ••-•[>    Tabs  and  spaces 

977212  *  >       •  >       ->  *>       Tabs  and  spaces^  ••••[>   >   Tabs  and  spaces 

f4eca2  **i>      **t>      -  -  >      -  -  >      Tabs  and  spacest>  t>  t>  Tabs  and  spaces 

c551ac  **-i>     •.•[>     •..[>     .  »  »  >     Tabs  and  spaceso  >  !>Tabs  and  spaces 

18af 5a 

4354d3  The  OCR  radix-64  character  set: 

88cb81  >        ABCDEFGHIJKLMNPQRSTVWXYZabcdehijklmnpqtuwy145689\A!#$ %&*+=/: <>?3 

06af 5a 




Chapter  4:  Scanning  the  Source  Code 


b735  00039830f b280010001  Page  2  of  test-file 




The  following  pattern  contains  every  pair  of  adjacent  printable  ASCII  chars 




--2402 0008e65720980010001 Page 3 of test-file


44529f  This  is  random  noise  with  every  printable  ASCII  character: 

--e140 001c21fe2aei 12 Page 1 of bootstrap

94e666 #!/usr/bin/perl -s
0ea601 #
794467 # bootstrap -- Simpler version of unmunge for bootstrapping
e5a601 #
9f33f9 # Unmunge this file using:
3137c3 #       perl -ne 'if (s/^ *[^-\s]\S{4,6} ?//) { s/[\244\245\267]/ /g; print; }'
29a601 #
438bb8 # $Id: bootstrap,v 1.15 1997/11/14 03:52:53 mhw Exp $
85af5a
851496 sub Fatal       { print STDERR @_; exit(1); }
c50a97 sub Max         { my ($a, $b) = @_; ($a > $b) ? $a : $b; }
1e36b1 sub TabSkip     { $tabWidth - 1 - (length($_[0]) % $tabWidth); }
a1af5a
394cdd ($tab,$yen,$pilc,$cdot,$tmp1,$tmp2) = ("\244","\245","\266","\267","\377","\376");
393067 $editor = $ENV{'VISUAL'} || $ENV{'EDITOR'} || 'vi';
d3e7e6 $inFile = $ARGV[0];
d94e2f doFile: {
49e81b     open(IN, "<$inFile") || die;
095163     for ($lineNum = 1; ($_ = <IN>); $lineNum++) {
dfaacd         s/^\s+//; s/\s+$//;     # Strip leading and trailing spaces
05b32f         next if (/^$/);         # Ignore blank lines
52f118         ($prefix, $seenCRCStr, $dummy, $_) = /^(\S{2})(\S{4})( (.*))?/;
6faf5a
b2b8ac         # Correct the number of spaces after each tab
a32d31         while (s/$tab( *)/$tmp1 . ($tmp2 x &Max(length($1), &TabSkip($`)))/e) {}
c33e7b         s/ ( +)/" " . ($cdot x length($1))/eg;  # Correct center dots
a0024c         s/$tmp1/$tab/g; s/$tmp2/ /g;    # Restore tabs and spaces from correction
8b3cd0         s/\s*$/\n/;             # Strip trailing spaces, and add a newline
2baf5a
9f2516         $crc = 0;               # Calculate CRC
3f3db3         for ($data = $_; $data ne ""; $data = substr($data, 1)) {
68e002             $crc ^= ord($data);
342ea8             for (1..8) {
be0b86                 $crc = ($crc >> 1) ^ (($crc & 1) ? 0x8408 : 0);
ca4d5a             }
5a1aea         }
264656         if ($crc != hex($seenCRCStr)) {         # CRC mismatch
425ba7             close(IN); close(OUT);
a04921             unlink(@filesCreated);
e4fc5c             @filesCreated = ();
4fce26             @oldStat = stat($inFile);
b9e5b0             system($editor, "+$lineNum", $inFile);
df1549             @newStat = stat($inFile);
bd93df             redo doFile if ($oldStat[9] != $newStat[9]);    # Check mod date
68a0de             &Fatal("Line $lineNum invalid: $_");
e71aea         }
fdaf5a
a97b7d         if ($prefix eq '--') {          # Process header line
4d541c             ($code, $pageNum, $file) = /^(\S{19}) Page (\d+) of (.*)/;
2e88c3             $tabWidth = hex(substr($code, 11, 1));
c77d01             if ($file ne $lastFile) {
9d1aaf                 print "$file\n";
e98e77                 &Fatal("$file: already exists\n") if (!$f && (-e $file));
eaa6b3                 close(OUT);
db097b                 open(OUT, ">$file") || &Fatal("$file: $!\n");
4cbd21                 push(@filesCreated, ($lastFile = $file));
3c4d5a             }
3d4ccd         } else {                        # Unmunge normal line
e25291             s/$tab( *)/"\t".(" " x (length($1) - &TabSkip($`)))/eg;
47b547             s/$yen\n/\f/;               # Handle form feeds
c17ad4             s/$pilc\n//;                # Handle continuation lines
019f82             s/$cdot/ /g;                # Center dots -> spaces
23af5a
97e546             print OUT;
591aea         }
4f6fe7     }
caca06     close(IN); close(OUT);
c2efe6 }

--ac52 001077b880880010003 Page 1 of bootstrap2

94e666 #!/usr/bin/perl -s
0ea601 #
e04352 # bootstrap2 -- Second stage bootstrapper, a version of unmunge
91a601 #
849cbb # $Id: bootstrap2,v 1.4 1997/11/14 03:52:54 mhw Exp $
b4af5a
5dd22f sub Cleanup     { close(IN); close(OUT); unlink(@files); @files = (); }
cd2a1e sub Fatal       { &Cleanup(); print STDERR @_; exit(1); }
a136b1 sub TabSkip     { $tabWidth - 1 - (length($_[0]) % $tabWidth); }
9a172b sub TabFix      { my ($needed, $actual) = (&TabSkip($_[0]), length($_[1]));
735323     $tmp1 . ($tmp2 x $needed) . (" " x ($actual - $needed)); }
4b20f4 sub HumanEdit   { my ($file, $line, $message) = ($inFile, @_); &Cleanup();
0c2db1     @old = stat($file); system($editor, "+$line", $file); @new = stat($file);
bc77e8     redo doFile if ($old[9] != $new[9]);        # Check mod date
d77c59     &Fatal("Line $line, ", $message); }
16af5a
104cdd ($tab,$yen,$pilc,$cdot,$tmp1,$tmp2)=("\244","\245","\266","\267","\377","\376");
f43067 $editor = $ENV{'VISUAL'} || $ENV{'EDITOR'} || 'vi';
4da6f7 ($inFile, $manifest, @rest) = @ARGV;
6bbb70 if ($manifest ne "") {                  # Read manifest file
229970     open(MANIFEST, "<$manifest") || &Fatal("$manifest: $!\n");
d5e3e3     while (<MANIFEST>) { $dir = $1 if /^D\s+(.*)$/;
449857         $index[$1] = $dir . $2 if /^(\d+)\s+(.*)$/; }
bcefe6 }
954e2f doFile: {
ec779a     $seenPCRC = $pcrc1 = 0; $lastFlags = 1; $lastFileNum = 0;
342616     open(IN, "<$inFile") || &Fatal("$inFile: $!\n");
d7c787     for ($line = 1; ($_ = <IN>); $line++) {
1daacd         s/^\s+//; s/\s+$//;     # Strip leading and trailing spaces
75b32f         next if (/^$/);         # Ignore blank lines
2df118         ($prefix, $seenCRCStr, $dummy, $_) = /^(\S{2})(\S{4})( (.*))?/;
8e3e5a         while (s/$tab( *)/&TabFix($`, $1)/eo) {}  # Correct spaces after tabs
dcdb12         s/($tmp2| )( +)/$1 . ($cdot x length($2))/ego;  # Correct center dots
fa4668         s/$tmp1/$tab/go; s/$tmp2/ /go; # Restore tabs/spaces from correction
5e3cd0         s/\s*$/\n/;             # Strip trailing spaces, and add a newline
15af5a
160460         $crc = 0; $pcrc = $pcrc1;       # Calculate CRCs
bc3db3         for ($data = $_; $data ne ""; $data = substr($data, 1)) {
d860ae             $crc ^= ord($data); $pcrc1 ^= ord($data);
2d28f0             for (1..8) { $crc = ($crc >> 1) ^ (($crc & 1) ? 0x8408 : 0);
1700f2                 $pcrc1 = ($pcrc1 >> 1) ^ (($pcrc1 & 1) ? 0xedb88320 : 0); }
441aea         }
21e7eb         ($seenPLCRC, $seenCRC) = map { hex($_) } ($prefix, $seenCRCStr);
244eda         &HumanEdit($line, "CRC failed: $_") if $crc != $seenCRC;
fd7b7d         if ($prefix eq '--') {          # Process header line
332129             &HumanEdit($line - 1, "Page CRC failed") if $pcrc != $seenPCRC;
98991f             ($humanHdr, $pageNum, $file) = /^\S{19} (Page (\d+) of (.*))/;
b63710             ($vers, $flags, $seenPCRC, $tabWidth, $prodNum, $fileNum) =
d62c3f                 map { hex($_) } /^(\S)(\S\S)(\S{8})(\S)(\S{3})(\S{4})/;
4d0b72             if ($fileNum != $lastFileNum) {
4970bd                 print STDERR "MISSING files\n" if $fileNum != $lastFileNum + 1;
4d6102                 &Fatal("Missing pages\n") if $pageNum != 1 || !($lastFlags & 1);
7d6aeb                 if ($manifest ne "") {
24fd6f                     ($_ = $index[$fileNum]) =~ m%([^/]*)$%;
f9ae35                     &Fatal("Manifest mismatch\n") if ($file ne $1);
0f50d2                     ($file = $_) =~ s|/+|mkdir($`, 0777), "/"|eg;  # mkdir -p
e9467a                 }
f98e77                 &Fatal("$file: already exists\n") if (!$f && (-e $file));
895c6f                 close(OUT); open(OUT, ">$file") || &Fatal("$file: $!\n");
0fb066                 push(@files, $file); print "$fileNum $file\n";
969957             } else {
03efb5                 &Fatal("MISSING pages\n") if ($pageNum != $lastPageNum + 1);
294d5a             }
8fba7e             ($lastFlags,$lastFileNum,$lastPageNum) = ($flags,$fileNum,$pageNum);
3ce809             $pcrc1 = 0;
e14ccd         } else {                        # Unmunge normal line
f61c35             &HumanEdit($line, "CRC failed: $_") if ($pcrc1 >> 24) != $seenPLCRC;
fc65f0             s/$tab( *)/"\t".(" " x (length($1) - &TabSkip($`)))/ego;
c6c825             s/$yen\n/\f/o; s/$pilc\n//o; s/$cdot/ /go; print OUT;
3b1aea         }
206fe7     }
07efe6 }

This chapter contains a complete listing of the C-language software that we wrote
to control the DES Cracker hardware. This software provides a simple user interface
for testing the hardware, setting up problems to be solved by searching
through the possible keys, and running such searches. We're publishing it to show
both people and machines how to control the DES Cracker.

This version of the software is fairly rudimentary; it doesn't include a graphical
user interface, collaborate with others across the Internet to speed up brute force
cracking attempts, etc. By the time you read this book, there will probably be a
better version of the software, which you will be able to read about in our web
pages at http://www.eff.org/pub/Privacy/Crypto_misc/DES_Cracking/.

This software is known to build and run in a "DOS Window" under Windows 95
on a PC using the Borland C++ Compiler, version 3.1. It also compiles cleanly
using Microsoft Visual C++ version 5.

The software is documented in the file readme.txt.

For  details  on  why  these  documents  are  printed  this  way,  and  how  to  scan  them 
into a computer, see Chapter 4, Scanning the Source Code.

7bf681 1 MANIFEST
ec8ce7 2 readme.txt
05e777 3 autoconf.c
cedb16 4 build.bat
a0056e 5 chipio.c
151f75 6 chipio.h
1a8e30 7 des.c
11db2a 8 des.h
0aac3f 9 initsrch.c
0f78d8 10 keyblock.c
f699dd 11 keyblock.h
ba96cf 12 search.c
5127f6 13 search.h

e0af5a
1aaf5a
d44c86 README FOR DES SEARCH ENGINE CONTROLLER SOFTWARE
afaf5a
29825e April 23, 1998
4aaf5a
0eaf5a
fb3fcf Written 1998 by Cryptography Research (http://www.cryptography.com)
216a64 for the Electronic Frontier Foundation (EFF).  Placed in the public
4ad8d3 domain by Cryptography Research and EFF.
a7af5a
50ff62 This is unsupported free software.  Use and distribute at your own
e0daf4 risk.  U.S. law may regulate the use and/or export of this program.
ffeaa2 Foreign laws may also apply.
f7af5a
b4af5a
34af5a
fa176f
b1a6ff Section 1:  Compiling the Programs.
79af5a
801f81 Compiling the programs should be easy.  Using 32-bit Microsoft Visual
a26186 C++ for Windows compile as shown below.  For Borland C++ or other
1d3a41 compilers, replace "cl" with the compiler name (e.g., bcc).  On a 16-
7c7812 bit DOS compiler with a large search array, the large memory model
3f769d (Borland's "-ml" flag) is required or the system will run out of
392d57 memory.
62af5a
ce209c    > cl search.c keyblock.c chipio.c des.c
fcc3fb    > cl initsrch.c keyblock.c
6b758b    > cl autoconf.c chipio.c
7057a9    > cl testvec.c sim.c des.c
42af5a
b8af5a
1eaf5a
ea176f
93e4fb Section 2:  Auto-Configuring the Search Array.
80af5a
19d9c3 The auto-configuration program is an important part of the DES
292f7e Cracker.  Because there are a large number of chips in the system, it
9fb6be is inevitable that a few fail.  By automatically removing defective
0d0b4b units, it is not necessary to repair the system when failures do
4f9dc9 occur.
a8af5a
018826 The program "autoconf.exe" will automatically identify the
6f723b configuration of a search array.  With the I/O port base address at
cd7d24 210 hex, simply run the program with the command:
5daf5a
75065b    > autoconf search.cfg -t
98af5a
c7e245 Note that the "-t" flag performs register testing (recommended if the
dfdfea search system might contain defective chips that need to be avoided).
e003e2 If the I/O port is at an address other than 210, specify the address.
ff49ba The "-v" flag provides verbose output.  For example:
daf5a
2faf9f    > autoconf search.cfg 210 -t -v
26af5a
185f44 When autoconf completes, it will print the total number of chips to
bae103 the screen and save the configuration information to the
f44721 configuration file.  The configuration can be edited (e.g., with
942a9c grep) to remove defective units not caught with autoconf.
8daf5a
70e81e (Note that this first release does not implement search unit testing
7f1a7b code except for the register tests.)
74af5a
d9af5a
47af5a
cd176f
2611d1 Section 3:  Initializing a Search.
40af5a
7c71c4 The search parameters have to be specified before a key can be found.
0b480d The program initsrch creates a "search context" file that contains
443422 these search parameters and a list of the regions of keyspace that
6d2d23 remain to be searched.
f3af5a
757db9 The search parameters can either be entered into initsrch or
03be37 specified on the command line.  To enter them manually, run initsrch
b17249 with no parameters:
34af5a
f0a5ad    > initsrch
d4af5a
83b591 The program will then prompt for the search context file.  Press
a473ca enter for the default filename ("search.ctx").
98af5a
953b91 Next, the program will prompt for a search mode.  Five modes are
096098 supported and are described in the following sections.
30af5a
45b5a1 K - Known plaintext
442856 E - ECB ASCII text
019879 C - CBC ASCII text
31e1fd B - Blaze challenge
ddbb69 M - Manual parameter specification
e9af5a
5eaf5a
2edf4c 1.  Known plaintext searching
ccaf5a
06f1ec This is the simplest (and most common) mode of operation.  If a
4dd2c9 complete DES plaintext/ciphertext pair is known, this mode can be
0f91b5 used to quickly search for the key.  When prompted, enter the
c281eb plaintext in hexadecimal form (e.g., "123456789ABCDEF0") and press
95792f enter.  Next, enter the ciphertext, also in hexadecimal. The program
6fb05a will then create a search context file and exit.
d1af5a
fcaf5a
68cc8f 2.  ECB ASCII text searching
9aaf5a
6e7074 If your target message is known to be ASCII text and was encrypted
1edff6 using DES ECB mode, enter two different ciphertexts.  The program
d92df0 will create the search context file and exit.  The program is
234bf0 configured to include all letters ("a-z" and "A-Z"), numbers ("0-9"),
470b54 and common punctuation (ASCII zero, tab, linefeed carriage return,
0ded96 space, and common punctuation (!"'(),-.  A- ).  For other character
98fbc6 sets, use the manual parameter specification option.
f8af5a
bcaf5a
a7fe29 3.  CBC ASCII text searching
caaf5a
f85465 If your message is ASCII text and was encrypted using DES CBC mode,
bae166 this option lets you specify an initialization vector and two
aa45de ciphertext messages.  The CBC mode ASCII option uses the same ASCII
6c4548 text characters as ECB ASCII.
09af5a
18af5a
706ad7 4.  The Blaze challenge
0caf5a
20b2e8 Matt Blaze's DES challenge involves searching for a key such that a
4f29b1 repeated plaintext byte produces a repeated ciphertext byte.  This
98ce02 option will search for keys that meet the challenge. Simply specify
2851f0 the desired repeated ciphertext byte.
68af5a
6baf5a
fba0ab 5.  Manual parameter specification
e2af5a
f4f30d The manual parameter mode allows direct control over the search
a1c03a parameters. The manual mode requires entering more data than the
f21978 other modes; it is often easier to pipe input from a script file,
3cab72 e.g.:
6caf5a
114c2d    > initsrch < search.scr
5baf5a
b6c924 First, enter the plaintext vector.  This is 64 hex digits long and
984fe4 specifies the bytes that can appear in "valid" plaintexts. The most
caf7a9 significant bit of the left-hand digit specifies whether ASCII 255
ea0906 can appear, and the least significant bit of the last digit specifies
whether  ASCII  zero  can  appear.  For  example,  the  plaintext  vector  for 
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569be0  the  ASCII  text  modes  is: 

45af 5a 

328424  • • -0000000000000000000000000000000007FFFFFFC7FFFFFE8FFF738700002601 

47af 5a 

6294a7  Next,  enter  the  initialization  vector  for  the  first  DES,  if  any. 

6b8f16  This  will  be  XORed  onto  the  first  plaintext  before  its  validity  is 

5587b3  checked. 

b6af 5a 

f4fd67  Next,  enter  the  two  ciphertexts  (ciphertext  0  and  ciphertext  1). 

aaf°a7  These  may  be  the  same  or  different. 

a2a  f  5a 

d4a2dd  Next,  enter  the  plaintext  byte  mask.  -This  sets  bits  that  should  be 

f36fe4  ignored  in  the  plaintext.  -For  example,  if  the  left-hand  byte  of  the 

cac85d  plaintext  is  unknown  or  can  have  any  value,  the  plaintext  byte  mask 

379f87  would  be  set  to  80  (hex). 

11af 5a 

9d87cc  Finally,  enter  the  searchlnfo  byte.  Bit  1  of  this  byte  specifies 

97a928  whether  CBC  mode  should  be  used.  -If  so,  the  first  ciphertext  will  be 

595ef9  XORed  onto  candidate  plaintexts  produced  by  decrypting  the  second 

2dff09  ciphertext.  -Bit  2  of  searchlnfo  specifies  whether  the  extraXor 

13de86  operation  should  be  done.  This  operation  XORs  the  right  half  of  the 

8aac2c  plaintext  onto  the  left  half  before  it  is  checked.  -(For  the  Blaze 

06de4f  challenge,  the  desired  plaintext  has  a  single  byte  repeated.  -The 

13ab4a  extraXor  operation  will  set  the  left  half  of  the  plaintext  to  zero  if 

c6781e  the  plaintext  is  good.  -The  p  I  a i n t ex t By t eMa s k  can  then  be  set  to  0x0F 

e2b3f0  to  ignore  the  right  half  and  the  plaintextVector  has  only  the  bit  for 

521 d7e  ASCII  zero  set . ) 

39af 5a 

Ibaf 5a 

5. The search context file

The search context file contains a header, the search parameters, and
2^24 bits corresponding to the unsearched key regions. The search
parameters are: plaintextVector (32 bytes), plaintextXorMask (8
bytes), ciphertext0 (8 bytes), ciphertext1 (8 bytes),
plaintextByteMask (1 byte), and searchInfo (1 byte). Each search
region includes 2^32 keys. The first bit (the MSB of the first key
region byte) corresponds to the keys 00000000000000 through
000000FFFFFFFF, in 56-bit notation. (To produce the 56-bit form of a
64-bit DES key, delete the eight parity bits.)
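The bit conventions described above for the plaintext vector, the byte mask, the extraXor check, and the key-region bitmap, worked through in C. This is an added example, not code from the EFF or Cryptography Research listings; the function names, the order in which the 7-bit key groups are joined, and the MSB-first bit order for regions after the first are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Plaintext vector quoted in the README for the ASCII text modes. */
static const char ASCII_VECTOR[] =
    "0000000000000000000000000000000007FFFFFFC7FFFFFE8FFF738700002601";

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Parse exactly 64 hex digits into 32 bytes (vec[0] = left-most pair). */
static int parse_vector(const char *hex, unsigned char vec[32]) {
    if (strlen(hex) != 64) return -1;
    for (int i = 0; i < 32; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        vec[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/* README bit order: MSB of the left-most digit is byte value 255,
 * LSB of the last digit is byte value 0. */
static int bit_is_set(const unsigned char vec[32], int b) {
    return (vec[31 - b / 8] >> (b % 8)) & 1;
}

/* 1 if byteValue may appear in a valid plaintext, 0 if not, -1 on bad input. */
int vector_allows(const char *hex64, int byteValue) {
    unsigned char vec[32];
    if (byteValue < 0 || byteValue > 255 || parse_vector(hex64, vec) != 0)
        return -1;
    return bit_is_set(vec, byteValue);
}

/* Build the 64-digit vector that allows exactly the n listed byte values. */
const char *vector_for_bytes(const unsigned char *allowed, size_t n) {
    static char out[65];
    unsigned char vec[32] = {0};
    for (size_t i = 0; i < n; i++)
        vec[31 - allowed[i] / 8] |= (unsigned char)(1u << (allowed[i] % 8));
    for (int i = 0; i < 32; i++)
        sprintf(out + 2 * i, "%02X", vec[i]);
    return out;
}

/* Vector for the Blaze challenge setup: only ASCII zero is allowed. */
const char *blaze_vector(void) {
    static const unsigned char nul_only[1] = {0};
    return vector_for_bytes(nul_only, 1);
}

/* Candidate check as the README describes it: optional extraXor (right half
 * XORed onto the left half), then every byte not ignored by the byte mask
 * must be allowed by the vector. Mask bit 0x80 is the left-hand byte. */
int filter_accepts(const char *hex64, unsigned byteMask, int extraXor,
                   const unsigned char pt[8]) {
    unsigned char vec[32], p[8];
    if (parse_vector(hex64, vec) != 0) return -1;
    memcpy(p, pt, 8);
    if (extraXor)
        for (int i = 0; i < 4; i++) p[i] ^= p[i + 4];
    for (int i = 0; i < 8; i++) {
        if (byteMask & (0x80u >> i)) continue;      /* ignored byte */
        if (!bit_is_set(vec, p[i])) return 0;
    }
    return 1;
}

/* 56-bit form of a 64-bit DES key: drop the parity bit, which FIPS 46 puts
 * in the low bit of each byte. Joining the 7-bit groups most significant
 * byte first is an assumption of this example. */
uint64_t key56_from_key64(uint64_t k64) {
    uint64_t k56 = 0;
    for (int i = 7; i >= 0; i--)
        k56 = (k56 << 7) | ((k64 >> (8 * i + 1)) & 0x7F);
    return k56;
}

/* A region is 2^32 keys, so the top 24 bits of the 56-bit key name it. */
uint32_t key_region(uint64_t k56) { return (uint32_t)(k56 >> 32); }

/* Byte offset and bit mask of a region inside the 2^24-bit region bitmap.
 * Region 0 is the MSB of the first byte (README); MSB-first after that
 * is an assumption. */
uint32_t region_byte(uint32_t region) { return region / 8; }
unsigned region_mask(uint32_t region) { return 0x80u >> (region % 8); }

int main(void) {
    uint64_t k56 = key56_from_key64(0x0123456789ABCDEFULL); /* constructed key */
    printf("Blaze vector: %s\n", blaze_vector());
    printf("56-bit key %014llX, region 0x%06lX\n",
           (unsigned long long)k56, (unsigned long)key_region(k56));
    return 0;
}
```

With the Blaze settings the check also accepts a block such as "ABCDABCD", whose halves match without being one repeated byte, so anything it passes is only a candidate.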


Section 4: Running a Search.

The most common way to run a search is to type:

    > search search.cfg search.ctx logfile -q

The "-q" flag requests quiet output, which prints less information to
the screen. The search.cfg file is produced by autoconf, and
search.ctx is produced by initsrch. The logfile will contain a list
of candidate keys encountered.

If a search is stopped partway through, work done in
partially-completed key regions is lost, but completed regions are
noted in the search context file. Note that a complete search will
produce a rather large amount of data in the logfile. If hard disk
space is limited, it may be desirable to stop the search occasionally
(for example, daily) to purge the logfile.

Section 5: Porting to other platforms.

When porting to other platforms, some code changes or additions may
be required. The following may not be found on all systems:

  stricmp: This is a case-insensitive strcmp found on many
      compilers. If it isn't present, you can either use strcmp
      (though commands will become case sensitive) or write one.

  SEEK_SET: A constant (equal to zero) used to tell fseek()
      to go to a fixed offset. Usually defined in stdio.h

  kbhit(void): Returns true if a key has been pressed. (Used to
      check for commands during searches.)

  getch(void): Reads a keystroke from the keyboard.

  inportb(unsigned portNum): Reads a byte from an I/O port. Used
      only by chipio.c. On other platforms, inportb may need to
      be emulated. (For Visual C++, inportb is implemented in
      chipio.c as inline assembly language.)

  outportb(int portNum, int value): Sends a byte to an I/O port.
      Used only by chipio.c. On other platforms, outportb may
      need to be emulated. (For Visual C++, outportb is
      implemented in chipio.c as inline assembly language.)

Section 6: Final comments

As this code goes to press, there was little opportunity for testing
and the code has not undergone any of the assurance, code review, or
testing processes we normally use. When working on the code, you
may find a few bugs. Feedback, as always, is appreciated.

Paul Kocher, Josh Jaffe, and everyone else at Cryptography Research
would like to thank John Gilmore and the EFF for funding this unique
project, and AWT for their expert hardware work!


/*****************************************************************************
 * autoconf.c
 *                 Search Engine Controller Program
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   IMPLEMENTATION NOTES:
 *
 *   This program automatically determines the configuration of a search
 *   array.  Additional diagnostic code should be added to detect common
 *   chip failures (once these are known).
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *                 Note: Detailed diagnostic tests not implemented yet.
 *
 *****************************************************************************/

#define SOFTWARE_VERSION "1.0"
#define SOFTWARE_DATE    "04-21-1998"


#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <memory.h>
#include <time.h>
#include <ctype.h>
#include "chipio.h"

#define MAX_CHIPS_PER_BOARD  64
#define MAX_BOARDS 256

/* Print a fixed message and exit; fputs keeps s from being used as a format. */
static void EXIT_ERR(char *s) { fputs(s, stderr); exit(1); }
void AutoconfigureScan(FILE *fp, int fullScan, int verbose);
int QuickCheckRegister(int board, int chip, int reg, int value);
void AddSearchUnits(FILE *fp, int board, int chip, int unit, int isGood);
long DoFullScan(FILE *fp, int board, int* chips, int verbose);


int main(int argc, char **argv) {
  int testLoops = -1;
  int baseIoPort = 0x210;
  int i, nextArg, fullScan;
  int verbose = 0;
  char buffer[200];
  char *fileSpec;
  FILE *fp;
  char *helpMsg = "Usage:  autoconf search.cfg [baseIoPort] [-v] [-t#]\n\n"
            "  -v:  Verbose operation\n"
            "  search.cfg:  The output file for the config info.\n"
            "  baseIoPort:  Hex base port of I/O card (default = 210 hex)\n"
            "  -t#:  Extra testing (see below)\n"
            "\nUse the -t# to do more than a quick test for chips.\n"
            "  -t0:  Do full read/write test of chip registers\n"
            "  -t#:  Do # iterations of a full system test\n";

  printf("\nDES Search Engine Configurer (Ver %s, %s). May be export "
         "controlled.\nWritten 1998 by Cryptography Research "
         "(http://www.cryptography.com) for EFF.\n"
         "This is unsupported "
         "free software: Use and distribute at your own risk.\n"
         "\n\n\n",
         SOFTWARE_VERSION, SOFTWARE_DATE);

  /* Parse the command line: output file first, then options and the port */
  if (argc < 2 || argv[1][0] == '-')
    EXIT_ERR(helpMsg);
  fileSpec = argv[1];
  for (nextArg = 2; nextArg < argc; nextArg++) {
    if (argv[nextArg][0] == '-' || argv[nextArg][0] == '/') {
      if (toupper(argv[nextArg][1]) == 'T') {
        sscanf(argv[nextArg]+2, "%d", &testLoops);
        if (testLoops < 0)
          testLoops = 0;
      } else if (toupper(argv[nextArg][1]) == 'V')
        verbose = 1;
      else
        EXIT_ERR("Bad parameter (run with no parameters for help)\n");
    } else {
      sscanf(argv[nextArg], "%x", &baseIoPort);
      if (baseIoPort <= 0)
        EXIT_ERR("Bad parameter (run with no parameters for help)\n");
    }
  }

  if (verbose) printf("Test parameters:\n");
  if (verbose) printf("    BaseIOPort = %x\n", baseIoPort);
  if (verbose) printf("    outfile = \"%s\"\n", fileSpec);
  if (verbose) if (testLoops < 0) printf("    Quick scan only\n");
  if (verbose) if (testLoops== 0) printf("    Full register scan\n");
  if (verbose) if (testLoops > 0) printf("    %d DES tests\n", testLoops);

  /* mode "w" is assumed: the argument is cut off in the scanned listing */
  fp = fopen(fileSpec, "w");
  if (fp == NULL)
    EXIT_ERR("Error opening output file.\n");
  fprintf(fp, "%% Auto-generated search system config file\n");
  fprintf(fp, "PORT=%x\n", baseIoPort);
  SetBaseAddress(baseIoPort);
  fullScan = (testLoops < 0) ? 0 : 1;
  AutoconfigureScan(fp, fullScan, verbose);
  fclose(fp);

  for (i = 0; i < testLoops; i++) {
    printf("Doing DES test %d of %d.\n", i+1, testLoops);
    /* "r+": reopen without truncating the config file written above */
    fp = fopen(fileSpec, "r+");
    if (fp == NULL)
      EXIT_ERR("Error reopening output file.\n");
    fgets(buffer, 190, fp);                       /* skip header line */
    fgets(buffer, 190, fp);                       /* skip port line */
    fprintf(stderr, "*** Detailed test not implemented !!!\n");
    fclose(fp);
  }
  return (0);
}


/*
 *  Automatically figure out the configuration of the search system.
 *  This function assumes that SetBaseAddress() has already been called.
 */
void AutoconfigureScan(FILE *fp, int fullScan, int verbose) {
  int board, chip, chipCount, value;
  long totalChips = 0;
  int chips[MAX_CHIPS_PER_BOARD];

  if (verbose) printf("**** DOING AUTOCONFIGURE SCAN ****\n");

  for (board = 0; board < MAX_BOARDS; board++) {
    printf("CHECKING BOARD 0x%02X: ", board);
    fflush(stdout);
    chipCount = 0;
    for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {

      /* TEST FIRST BYTE OF CIPHERTEXT 0 (REGISTER 0x28) */
      value = rand() & 0xFF;
      if (QuickCheckRegister(board, chip, 0x28, value) == 0 ||
          QuickCheckRegister(board, chip, 0x28, value^255) == 0) {
        chips[chip] = 0;
        if (verbose) printf("\n  BOARD 0x%02X CHIP 0x%02X: Not found.",
                board, chip);
      } else {
        chips[chip] = 1;
        chipCount++;
        if (verbose) printf("\n  BOARD 0x%02X CHIP 0x%02X: FOUND", board, chip);
        if (fullScan) {
          if (verbose) printf("\n  CHIP 0x%02X: Halting chip for test", chip);
          SetRegister(board, chip, REG_PTXT_BYTE_MASK, 0xFF);
        }
      }
    }
    if (verbose) printf("\n");
    printf("  Found %4d chips total.\n", chipCount);

    /* DO DETAILED REGISTER SCAN IF REQUESTED */
    if (fullScan && chipCount) {
      totalChips += DoFullScan(fp, board, chips, verbose);  /* sum over boards */
    } else {
      chipCount = 0;
      for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {
        if (chips[chip]) {
          chipCount++;
          totalChips++;
          AddSearchUnits(fp, board, chip, -1, 1);
        }
      }
    }
  }
  if (verbose) printf("*** AUTOCONFIGURE SCAN COMPLETE ***\n");
  printf("Found %ld chips total.\n", totalChips);
}


/* Write a value to a register and read it back: 1 if it matches, 0 if not */
int QuickCheckRegister(int board, int chip, int reg, int value) {
  SetRegister(board, chip, reg, value);
  if (GetRegister(board, chip, reg) != value)
    return (0);
  return (1);
}


/* Write one UNIT/FAIL line per search unit; unit < 0 means all units good */
void AddSearchUnits(FILE *fp, int board, int chip, int unit, int isGood) {
  int i;

  if (unit < 0) {
    for (i = 0; i < SEARCH_UNITS_PER_CHIP; i++)
      AddSearchUnits(fp, board, chip, i, 1);
  } else {
    fprintf(fp, "%s=0x%02X 0x%02X 0x%02X\n", isGood ? "UNIT" : "FAIL",
            board, chip, unit);
  }
}

long DoFullScan(FILE *fp, int board, int* chips, int verbose) {
  int chip, reg, seed, value, i, j;
  int units[24];
  long totalChips = 0;

  if (verbose) printf("  Register scan on board 0x%02X\n", board);

  /* PICK A SEED & USE IT TWICE (ONCE WHEN SETTING & ONCE WHEN CHECKING) */
  seed = (int)time(NULL);

  /*** SET REGISTERS ***/
  srand(seed);
  for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {
    if (chips[chip] == 0)
      continue;
    if (verbose) printf("  BOARD 0x%02X CHIP 0x%02X: Setting regs.\n",
            board, chip);
    for (reg = 0; reg <= 0xFF; reg++) {
      if ((reg >= 0x39 && reg < 0x40) || (reg > 0x40 && (reg & 7) == 7))
        continue;
      value = rand() & 255;
      SetRegister(board, chip, reg, value);
    }
  }

  /*** CHECK REGISTERS ***/
  srand(seed);
  for (chip = 0; chip < MAX_CHIPS_PER_BOARD; chip++) {
    if (chips[chip] == 0)
      continue;
    for (i = 0; i < 24; i++)
      units[i] = 1;
    if (verbose) printf("  BOARD 0x%02X CHIP 0x%02X: Checking...\n",
            board, chip);
    for (reg = 0; reg <= 0xFF; reg++) {
      if ((reg >= 0x39 && reg < 0x40) || (reg > 0x40 && (reg & 7) == 7))
        continue;
      value = rand() & 255;
      i = GetRegister(board, chip, reg);          /* value written earlier */
      SetRegister(board, chip, reg, value ^ 255); /* now write complement */
      j = GetRegister(board, chip, reg);
      if (i != value || j != (value ^ 255)) {
        if (chips[chip])
          printf("\n *** BOARD 0x%02X, CHIP 0x%02X FAILED ***\n  Details:",
                  board, chip);
        if (reg < 0x40)
          chips[chip] = 0;                /* shared register: whole chip bad */
        else
          units[(reg - 0x40)/8] = 0;      /* per-unit register: unit bad */
        if (i != value || j != value)
          printf("\n  Board 0x%02X Chip 0x%02X Reg 0x%02X bad:",
                  board, chip, reg);
        if (i != value)
          printf("  Got 0x%02X, not %02X.", i, value);
        if (j != (value ^ 255))
          printf("  Got 0x%02X, not %02X.", j, value ^ 255);
      } else {
        if (verbose)
          printf("\n  Reg 0x%02X good (Read 0x%02X)", reg, value);
      }
    }
    if (chips[chip] == 0)
      printf("\n  CHIP FAILED --\n");
    else {
      for (i = 0; i < 24; i++)
        AddSearchUnits(fp, board, chip, i, units[i]);
      totalChips++;
    }
  }
  return (totalChips);
}



rem Sample build script (using Microsoft Visual C++)

cl search.c keyblock.c chipio.c des.c
cl initsrch.c keyblock.c
cl autoconf.c chipio.c
cl testvec.c sim.c des.c


/*****************************************************************************
 * chipio.c
 *           Search Engine Low-Level Hardware Interface Module
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/


#include <stdio.h>
#include <conio.h>
#include <stdlib.h>
#include "chipio.h"

static int CURRENT_BOARD     = -1;
static int CURRENT_CHIP      = -1;
static int CURRENT_PORT_CNFG = -1;
static int IO_BASE_ADDRESS   = 0x210;

#define IO_PORTA_ADDRESS (IO_BASE_ADDRESS+0)
#define IO_PORTB_ADDRESS (IO_BASE_ADDRESS+1)
#define IO_PORTC_ADDRESS (IO_BASE_ADDRESS+2)
#define IO_CNFG_ADDRESS  (IO_BASE_ADDRESS+3)
#define CNFG_OUTPUT   0x80
#define CNFG_INPUT    0x82

#define CTRL_BASE     0x1B    /* base value onto which others are XORed */
#define CTRL_RST      0x20
#define CTRL_RDB      0x10
#define CTRL_WRB      0x08
#define CTRL_ALE      0x04
#define CTRL_ADRSEL2  0x02    /* in documentation is also called CNTR1 */
#define CTRL_ADRSEL1  0x01    /* in documentation is also called CNTR0 */

/*
 *  DELAYS CAN BE ADDED TO DEAL WITH BUS LOADING/CAPACITANCE/ETC.
 */
#define DELAY_FACTOR 100L
#define DELAY_ADDRESS_SETTLE   0*DELAY_FACTOR
#define DELAY_DATA_SETTLE      0*DELAY_FACTOR
#define DELAY_RST_HOLD         0*DELAY_FACTOR
#define DELAY_RST_RECOVER      0*DELAY_FACTOR
#define DELAY_RDB_HOLD         0*DELAY_FACTOR
#define DELAY_RDB_RECOVER      0*DELAY_FACTOR
#define DELAY_WRB_HOLD         0*DELAY_FACTOR
#define DELAY_WRB_RECOVER      0*DELAY_FACTOR
#define DELAY_ALE_SETTLE       0*DELAY_FACTOR
#define DELAY_ADRSEL2_SETTLE   0*DELAY_FACTOR
#define DELAY_ADRSEL1_SETTLE   0*DELAY_FACTOR

#define ioDelay(delayTime) {}              /* insert delay if rqd */


#ifdef _MSC_VER
/*
 *  Microsoft C++ Direct I/O Functions
 */
static int inportb(int portNum) {
  unsigned char rval;
  unsigned short portNumShort = (unsigned short)portNum;

  _asm { mov dx,portNumShort }
  _asm { in al,dx }
  _asm { mov rval, al }
  return (rval);
}

static void outportb(int portNum, int val) {
  unsigned char valChar = (unsigned char)val;
  unsigned short portNumShort = (unsigned short)portNum;

  _asm { mov dx, portNumShort }
  _asm { mov al, valChar }
  _asm { out dx, al }
}
#endif


static void ConfigureIO_Port(int inputOrOutput) {
  outportb(IO_CNFG_ADDRESS, inputOrOutput);
  CURRENT_PORT_CNFG = inputOrOutput;

  /*
   *  Warning:
   *  Changing the IO port state causes a tiny glitch to go out on the
   *  PC-DIO card.  This is enough to occasionally trigger the ALE, which
   *  causes read/write errors.  To avoid this, always explicitly
   *  re-select the chip after switching port directions.
   */
  CURRENT_CHIP = -1;
}


static void SetAddress(int addressValue) {
  outportb(IO_PORTA_ADDRESS, addressValue);
}


static void SetData(int dataValue) {
  outportb(IO_PORTB_ADDRESS, dataValue);
}


static int GetData(void) {
  return (inportb(IO_PORTB_ADDRESS));
}


static void SetControl(int controlPortValue) {
  /*
   *  Possible optimization: Don't send value if already correct.
   */
  outportb(IO_PORTC_ADDRESS, controlPortValue);
}


static void selectBoard(int board) {
  SetAddress(board);
  SetControl(CTRL_BASE ^ CTRL_ADRSEL1);    /* put board ID onto address pins */
  ioDelay(max(DELAY_ADDRESS_SETTLE, DELAY_ADRSEL1_SETTLE));        /* wait */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL1 ^ CTRL_ALE);        /* pull ALE high */
  ioDelay(DELAY_ALE_SETTLE);                                       /* wait */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL1);                   /* pull ALE back */
  ioDelay(DELAY_ALE_SETTLE);                                       /* wait */
  SetControl(CTRL_BASE);                                   /* ADRSEL1 done */
  ioDelay(DELAY_ADRSEL1_SETTLE);

  CURRENT_BOARD = board;
  CURRENT_CHIP  = -1;
}


static void selectChip(int chip) {
  SetAddress(chip);                                         /* select chip */
  ioDelay(DELAY_ADDRESS_SETTLE);                                   /* wait */
  SetControl(CTRL_BASE ^ CTRL_ALE);                       /* pull ALE high */
  ioDelay(DELAY_ALE_SETTLE);                                       /* wait */
  SetControl(CTRL_BASE);                                  /* pull ALE back */
  ioDelay(DELAY_ALE_SETTLE);                                       /* wait */

  CURRENT_CHIP = chip;
}


void SetBaseAddress(int address) {
  IO_BASE_ADDRESS = address;
}


/*
 *  RESET A SINGLE BOARD
 *
 *  This function resets an entire board. It is not optimized for speed.
 *  It is necessary to delay after calling this function until the board
 *  reset completes.
 */
int ResetBoard(int board) {
  /* Configure the IO card (doesn't matter if for data input or output) */
  ConfigureIO_Port(CNFG_INPUT);                   /* configure the IO port */
  ConfigureIO_Port(CNFG_OUTPUT);                  /* configure the IO port */

  selectBoard(board);                                  /* select the board */

  SetControl(CTRL_BASE ^ CTRL_RST);                     /* RESET THE BOARD */
  ioDelay(DELAY_RST_HOLD);                                         /* wait */
  SetControl(CTRL_BASE);                                 /* stop resetting */
  ioDelay(DELAY_RST_RECOVER);                                      /* wait */

  CURRENT_BOARD = -1;                /* reset this on next IO to be safe */
  CURRENT_CHIP  = -1;                /* reset this to be safe */
  return (0);
}


void SetRegister(int board, int chip, int reg, int value) {
  if (CURRENT_PORT_CNFG != CNFG_OUTPUT)   /* set IO data lines for output */
    ConfigureIO_Port(CNFG_OUTPUT);
  if (CURRENT_BOARD != board)             /* make sure board is selected */
    selectBoard(board);
  if (CURRENT_CHIP != chip)               /* make sure chip is selected */
    selectChip(chip);

  SetAddress(reg);                            /* select the right address */
  SetData(value);                                      /* output the data */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);              /* pull ADRSEL2 low */
  ioDelay(max(max(DELAY_ADDRESS_SETTLE,DELAY_DATA_SETTLE),       /* wait */
          DELAY_ADRSEL2_SETTLE));
  SetControl(CTRL_BASE ^ CTRL_WRB ^ CTRL_ADRSEL2);       /* pull WRB low */
  ioDelay(DELAY_WRB_HOLD);                                    /* hold it */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);            /* let WRB high again */
  ioDelay(DELAY_WRB_RECOVER);                                    /* wait */
  SetControl(CTRL_BASE);                       /* let ADRSEL2 high again */
  ioDelay(DELAY_ADRSEL2_SETTLE);                                 /* wait */
}


int GetRegister(int board, int chip, int reg) {
  int rval;

  if (CURRENT_PORT_CNFG != CNFG_INPUT)     /* set IO data lines for input */
    ConfigureIO_Port(CNFG_INPUT);
  if (CURRENT_BOARD != board)              /* make sure board is selected */
    selectBoard(board);
  if (CURRENT_CHIP != chip)                /* make sure chip is selected */
    selectChip(chip);

  SetAddress(reg);                            /* select the right address */
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);              /* pull ADRSEL2 low */
  ioDelay(max(DELAY_ADDRESS_SETTLE, DELAY_ADRSEL2_SETTLE));      /* wait */
  SetControl(CTRL_BASE ^ CTRL_RDB ^ CTRL_ADRSEL2);       /* pull RDB low */
  ioDelay(DELAY_RDB_HOLD);
  rval = GetData();
  SetControl(CTRL_BASE ^ CTRL_ADRSEL2);                  /* let RDB high */
  ioDelay(DELAY_RDB_RECOVER);
  SetControl(CTRL_BASE);                             /* let ADRSEL2 high */
  ioDelay(DELAY_ADRSEL2_SETTLE);

  return (rval);
}


/* Returns 0 if the register holds value, -1 otherwise */
int CheckRegister(int board, int chip, int reg, int value) {
  int i;

  i = GetRegister(board, chip, reg);
  if (i != value)
    return (-1);
  return (0);
}


/*****************************************************************************

 * chipio.h
 *                      Header file for chipio.c
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#ifndef __CHIPIO_H
#define __CHIPIO_H

#define SEARCH_UNITS_PER_CHIP 24

#define REG_PTXT_VECTOR        (0x00)
#define REG_PTXT_XOR_MASK      (0x20)
#define REG_CIPHERTEXT0        (0x28)
#define REG_CIPHERTEXT1        (0x30)
#define REG_PTXT_BYTE_MASK     (0x38)
#define REG_SEARCHINFO         (0x3F)
#define REG_SEARCH_KEY(x)      (0x40 + 8*(x))
#define REG_SEARCH_STATUS(x)   (0x47 + 8*(x))

void SetBaseAddress(int address);
int ResetBoard(int board);
void SetRegister(int board, int chip, int reg, int value);
int GetRegister(int board, int chip, int reg);
int CheckRegister(int board, int chip, int reg, int value);

#endif


/*****************************************************************************
 *              Software Model of ASIC DES Implementation
 *
 *   Written 1995-8 by Cryptography Research (http://www.cryptography.com)
 *   Original version by Paul Kocher. Placed in the public domain in 1998.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   IMPLEMENTATION NOTES:
 *
 *   This DES implementation adheres to the FIPS PUB 46 spec and produces
 *   standard output.  The internal operation of the algorithm is slightly
 *   different from FIPS 46.  For example, bit orderings are reversed
 *   (the right-hand bit is now labelled as bit 0), the S tables have
 *   been rearranged to simplify implementation, and several permutations
 *   have been inverted.  For simplicity and to assist with testing of
 *   hardware implementations, code size and performance optimizations
 *   are omitted.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release  -- PCK.
 *   Version 1.1:  Altered DecryptDES exchanges to match EncryptDES. -- PCK
 *   Version 1.2:  Minor edits and beautifications. -- PCK
 *   Version 1.3:  Changes and edits for EFF DES Cracker project.
 *
 *****************************************************************************/


^include  <stdio.h> 
flinclude  <stdlib.h> 
//include  <string.h> 
//include  "des.h" 

static void ComputeRoundKey(bool roundKey[56], bool key[56]);
static void RotateRoundKeyLeft(bool roundKey[56]);
static void RotateRoundKeyRight(bool roundKey[56]);
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]);
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]);
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]);
static void ComputeP(bool output[32], bool input[32]);
static void ComputeS_Lookup(int k, bool output[4], bool input[6]);
static void ComputePC2(bool subkey[48], bool roundKey[56]);
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]);
static void DumpBin(char *str, bool *b, int bits);
static void Exchange_L_and_R(bool L[32], bool R[32]);

static int EnableDumpBin;


/*****************************************************************************
 *                               DES TABLES
 *****************************************************************************/

/*
 *  IP: Output bit table_DES_IP[i] equals input bit i.
 */
static int table_DES_IP[64] = {
  39,  7, 47, 15, 55, 23, 63, 31,
  38,  6, 46, 14, 54, 22, 62, 30,
  37,  5, 45, 13, 53, 21, 61, 29,
  36,  4, 44, 12, 52, 20, 60, 28,
  35,  3, 43, 11, 51, 19, 59, 27,
  34,  2, 42, 10, 50, 18, 58, 26,
  33,  1, 41,  9, 49, 17, 57, 25,
  32,  0, 40,  8, 48, 16, 56, 24
};


/*
 *  FP: Output bit table_DES_FP[i] equals input bit i.
 */
static int table_DES_FP[64] = {
  57, 49, 41, 33, 25, 17,  9,  1,
  59, 51, 43, 35, 27, 19, 11,  3,
  61, 53, 45, 37, 29, 21, 13,  5,
  63, 55, 47, 39, 31, 23, 15,  7,
  56, 48, 40, 32, 24, 16,  8,  0,
  58, 50, 42, 34, 26, 18, 10,  2,
  60, 52, 44, 36, 28, 20, 12,  4,
  62, 54, 46, 38, 30, 22, 14,  6
};


/*
 *  PC1: Permutation choice 1, used to pre-process the key
 */
static int table_DES_PC1[56] = {
  27, 19, 11, 31, 39, 47, 55,
  26, 18, 10, 30, 38, 46, 54,
  25, 17,  9, 29, 37, 45, 53,
  24, 16,  8, 28, 36, 44, 52,
  23, 15,  7,  3, 35, 43, 51,
  22, 14,  6,  2, 34, 42, 50,
  21, 13,  5,  1, 33, 41, 49,
  20, 12,  4,  0, 32, 40, 48
};

/*
 *  PC2: Map 56-bit round key to a 48-bit subkey
 */
static int table_DES_PC2[48] = {
  24, 27, 20,  6, 14, 10,  3, 22,
   0, 17,  7, 12,  8, 23, 11,  5,
  16, 26,  1,  9, 19, 25,  4, 15,
  54, 43, 36, 29, 49, 40, 48, 30,
  52, 44, 37, 33, 46, 35, 50, 41,
  28, 53, 51, 55, 32, 45, 39, 42
};

/*
 *  E: Expand 32-bit R to 48 bits.
 */
static int table_DES_E[48] = {
  31,  0,  1,  2,  3,  4,  3,  4,
   5,  6,  7,  8,  7,  8,  9, 10,
  11, 12, 11, 12, 13, 14, 15, 16,
  15, 16, 17, 18, 19, 20, 19, 20,
  21, 22, 23, 24, 23, 24, 25, 26,
  27, 28, 27, 28, 29, 30, 31,  0
};

/*
 *  P: Permutation of S table outputs
 */
static int table_DES_P[32] = {
  11, 17,  5, 27, 25, 10, 20,  0,
  13, 21,  3, 28, 29,  7, 18, 24,
  31, 22, 12,  6, 26,  2, 16,  8,
  14, 30,  4, 19,  1,  9, 15, 23
};

/*
 *  S Tables: Introduce nonlinearity and avalanche
 */
static int table_DES_S[8][64] = {


table  SC0] 

i 


tab 

i 


tab 
{ 


tab 


tab 
{ 


tab 
{ 


tab 


tab 

i 


le 


le 


le 


3,  • 

0,  1 
7,  ■ 

0,  1 

s:i : 

4,  1 

3,  1 

1,  •  ( 

0,  •! 
SC2D 

2,  11 

0,  ■ 
9,  • 

7,  1 
SE33 

2,  1 

8,  ■ 

4,  1 

5,  ■ 
SC43 
7,  1 

1,  • 
0,  ■ 
5,  • 
SH5] 

0,  1 

1,  • 

3,  - 
1,  • 
SC6] 
5,  ■ 

9,  1 
0,  1 
5,  1 
SC7] 

4,  ■ 

3,  1 

4,  1 

5,  • 


2,  15, 

5, 


1, 

2,  -9, 

2,  11, 
5,  -  6,  12 

*/ 

3,  11,  • 0 

4,  12 


1  , 


6, 
4, 
1  , 

4, 
5, 
1  , 
6, 

3, 
4, 
3, 
9, 

3, 
2, 
1  , 

4, 

3, 
2, 

3,  14, 
1,  -8, 
*/ 

4, 


■  3, 
11, 

•  5, 

15, 

•  1, 

■  3, 
14, 

11, 

•  0, 

•  8, 
15, 


'  8, 
■  3, 

•  4, 
10, 

■2, 

•  9, 
11, 
'  6, 

10, 

•  3, 
15, 

•  4, 

'  4, 

•  3, 

•  1, 
12, 


3,  -4, 
6,  14, 

4,  •  1, 
9,  13, 

1  ,  14, 


•  7. 
13, 


4,  15 
3,  '  4. 
2,  •  5, 
1  ,  10, 

2,  •  1, 

5,  15, 
2,  11 


3 

2,  •  7, 

6,  15, 

1,  '4, 


8,  14 


•  7, 
'  8, 
10, 
15, 

13, 


'  6, 

15, 
'  6, 
12, 
11  , 


'  9, 

■  3, 

'  9, 
12, 

•  4, 

■  2, 

•8, 

■  2, 

•  7, 

12, 

13, 
•6, 
14, 

•  9, 


5,  14, 

0,  14 
5,  •  7, 


4,  14 

1  ,  13 

0,  11 

7,  •  6 


7,  •  1 

2,  12 

8,  •  8 

3,  •  7 


8,  -6,  10, 

1,  "5,  -0, 

7,  -9,  ■ 4, 

0,  15,  • 3, 


7,  1  5, 
2, 


2, 

4, 
2, 
7, 

2, 

0, 
7, 
9, 

5, 

2,  1  1 

6,  12 


4, 
5,  -2, 
2,-1, 
0,  14, 


5,  12, 
3, 


6, 

4,  11,  12, 
8,  •  6, 

5 


9, 


11, 

15, 

•  6, 

•  3, 


2,  14, 


5, 
13, 
•3, 


■9, 
'  4, 
10, 


}; 


5,  -3,  11, 

0,  14,  12, 

2,  10,  14, 

3,  -5,  • 5, 

0,  -9,  •  8, 

0,  15,  •  6, 

3,  -4,  •  7, 

5,  -2,  -9, 


•  6 

•  5, 
12 

1  1 


0,  -7,  11 , 

0,  -9,  14 

3,  14,  -7 

3,  -4,  ■  0, 

6,  15,  -9 

2,  10,  -4 

1  ,  •  1 ,  -7 

2,  -7,  -8, 

3,  -4,  15 

4,  11,  -  2 

5,  -9,  -3 

0,  -5,  14, 

1,  -2,  -3 
0,  -  9,  -  5 

4,  15,  13 
3,  -  5,  •  2, 

5,  -  2,  11 
9,  -5,  •  0 

6,  -9,  -2 
0,  -  0,  -  5 


7,  • 1 ,  -4, 
9,  -7,  • 2, 

8,  -2,  13, 

6,  -8,  11  • >, 

1 ,  13,  10, 

8,  •  1 ,  *  6, 
0,  14,  • 7, 

3,  '2,  12  ■ }, 

9,  -8,  • 5, 
3,  11,  -8, 
5,  -3,  10, 

8,  -6,  13  • >, 

3,  -6,  -1, 

8,  -9,  -6, 

2,  -8,  13, 

5,  14,  -3  •>, 


4,  15,  -9, 

3,  13,  -8, 
2,  -4,  14  ■  } 

6,  -5,  10, 

5,  -  8,  -1, 
8,  -0,  -7, 
2,  -  7,  12  •  } 

8,  -4,  14, 

1  ,  10,  -5, 

4,  -1,  -2, 
14,  15,  -9  • > 

13,  -  8,  -1, 

•3,  -7,  -8, 

•  1  ,  11,  -7, 

■6,  -0,  13  ■ > 


/*****************************************************************************
 *                                DES CODE
 *****************************************************************************/

/*
 *  EncryptDES: Encrypt a block using DES. Set verbose for debugging info.
 *  (This loop does both loops on the "DES Encryption" page of the flowchart.)
 */
void EncryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose) {
  int i,round;
  bool R[32], L[32], fout[32];
  bool roundKey[56];

  EnableDumpBin = verbose;                   /* set debugging on/off flag */
  DumpBin("input(left)", inBlk+32, 32);
  DumpBin("input(right)", inBlk, 32);
  DumpBin("raw key(left )", key+28, 28);
  DumpBin("raw key(right)", key, 28);

  /* Compute the first roundkey by performing PC1 */
  ComputeRoundKey(roundKey, key);

  DumpBin("roundKey(L)", roundKey+28, 28);
  DumpBin("roundKey(R)", roundKey, 28);

  /* Compute the initial permutation and divide the result into L and R */
  ComputeIP(L,R,inBlk);

  DumpBin("after IP(L)", L, 32);
  DumpBin("after IP(R)", R, 32);

  for (round = 0; round < 16; round++) {
    if (verbose)
      printf("BEGIN ENCRYPT ROUND %d\n", round);
    DumpBin("round start(L)", L, 32);
    DumpBin("round start(R)", R, 32);

    /* Rotate roundKey halves left once or twice (depending on round) */
    RotateRoundKeyLeft(roundKey);
    if (round != 0 && round != 1 && round != 8 && round != 15)
      RotateRoundKeyLeft(roundKey);
    DumpBin("roundKey(L)", roundKey+28, 28);
    DumpBin("roundKey(R)", roundKey, 28);

    /* Compute f(R, roundKey) and exclusive-OR onto the value in L */
    ComputeF(fout, R, roundKey);
    DumpBin("f(R,key)", fout, 32);
    for (i = 0; i < 32; i++)
      L[i] ^= fout[i];
    DumpBin("L^f(R,key)", L, 32);

    Exchange_L_and_R(L,R);

    DumpBin("round end(L)", L, 32);
    DumpBin("round end(R)", R, 32);
    if (verbose)
      printf("END ROUND %d\n", round);
  }

  Exchange_L_and_R(L,R);

  /* Combine L and R then compute the final permutation */
  ComputeFP(outBlk,L,R);
  DumpBin("FP out( left)", outBlk+32, 32);
  DumpBin("FP out(right)", outBlk, 32);
}


/*
 *  DecryptDES: Decrypt a block using DES. Set verbose for debugging info.
 *  (This loop does both loops on the "DES Decryption" page of the flowchart.)
 */
void DecryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose) {
  int i,round;
  bool R[32], L[32], fout[32];
  bool roundKey[56];

  EnableDumpBin = verbose;                   /* set debugging on/off flag */
  DumpBin("input(left)", inBlk+32, 32);
  DumpBin("input(right)", inBlk, 32);
  DumpBin("raw key(left )", key+28, 28);
  DumpBin("raw key(right)", key, 28);

  /* Compute the first roundkey by performing PC1 */
  ComputeRoundKey(roundKey, key);

  DumpBin("roundKey(L)", roundKey+28, 28);
  DumpBin("roundKey(R)", roundKey, 28);

  /* Compute the initial permutation and divide the result into L and R */
  ComputeIP(L,R,inBlk);

  DumpBin("after IP(L)", L, 32);
  DumpBin("after IP(R)", R, 32);

  for (round = 0; round < 16; round++) {
    if (verbose)
      printf("BEGIN DECRYPT ROUND %d\n", round);
    DumpBin("round start(L)", L, 32);
    DumpBin("round start(R)", R, 32);

    /* Compute f(R, roundKey) and exclusive-OR onto the value in L */
    ComputeF(fout, R, roundKey);
    DumpBin("f(R,key)", fout, 32);
    for (i = 0; i < 32; i++)
      L[i] ^= fout[i];
    DumpBin("L^f(R,key)", L, 32);

    Exchange_L_and_R(L,R);

    /* Rotate roundKey halves right once or twice (depending on round) */
    DumpBin("roundKey(L)", roundKey+28, 28);  /* show keys before shift */
    DumpBin("roundKey(R)", roundKey, 28);
    RotateRoundKeyRight(roundKey);
    if (round != 0 && round != 7 && round != 14 && round != 15)
      RotateRoundKeyRight(roundKey);

    DumpBin("round end(L)", L, 32);
    DumpBin("round end(R)", R, 32);
    if (verbose)
      printf("END ROUND %d\n", round);
  }

  Exchange_L_and_R(L,R);

  /* Combine L and R then compute the final permutation */
  ComputeFP(outBlk,L,R);
  DumpBin("FP out( left)", outBlk+32, 32);
  DumpBin("FP out(right)", outBlk, 32);
}


/*
 *  ComputeRoundKey: Compute PC1 on the key and store the result in roundKey
 */
static void ComputeRoundKey(bool roundKey[56], bool key[56]) {
  int i;

  for (i = 0; i < 56; i++)
    roundKey[table_DES_PC1[i]] = key[i];
}

/*
 *  RotateRoundKeyLeft: Rotate each of the halves of roundKey left one bit
 */
static void RotateRoundKeyLeft(bool roundKey[56]) {
  bool temp1, temp2;
  int i;

  temp1 = roundKey[27];
  temp2 = roundKey[55];
  for (i = 27; i >= 1; i--) {
    roundKey[i] = roundKey[i-1];
    roundKey[i+28] = roundKey[i+28-1];
  }
  roundKey[ 0] = temp1;
  roundKey[28] = temp2;
}

/*
 *  RotateRoundKeyRight: Rotate each of the halves of roundKey right one bit
 */
static void RotateRoundKeyRight(bool roundKey[56]) {
  bool temp1, temp2;
  int i;

  temp1 = roundKey[0];
  temp2 = roundKey[28];
  for (i = 0; i < 27; i++) {
    roundKey[i] = roundKey[i+1];
    roundKey[i+28] = roundKey[i+28+1];
  }
  roundKey[27] = temp1;
  roundKey[55] = temp2;
}

/*
 *  ComputeIP: Compute the initial permutation and split into L and R halves.
 */
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]) {
  bool output[64];
  int i;

  /* Permute */
  for (i = 63; i >= 0; i--)
    output[table_DES_IP[i]] = inBlk[i];

  /* Split into R and L.  Bits 63..32 go in L, bits 31..0 go in R. */
  for (i = 63; i >= 0; i--) {
    if (i >= 32)
      L[i-32] = output[i];
    else
      R[i] = output[i];
  }
}

/*
 *  ComputeFP: Combine the L and R halves and do the final permutation.
 */
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]) {
  bool input[64];
  int i;

  /* Combine L and R into input[64] */
  for (i = 63; i >= 0; i--)
    input[i] = (i >= 32) ? L[i - 32] : R[i];

  /* Permute */
  for (i = 63; i >= 0; i--)
    outBlk[table_DES_FP[i]] = input[i];
}

/*
 *  ComputeF: Compute the DES f function and store the result in fout.
 */
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]) {
  bool expandedBlock[48], subkey[48], sout[32];
  int i,k;

  /* Expand R into 48 bits using the E expansion */
  ComputeExpansionE(expandedBlock, R);
  DumpBin("expanded E", expandedBlock, 48);

  /* Convert the roundKey into the subkey using PC2 */
  ComputePC2(subkey, roundKey);
  DumpBin("subkey", subkey, 48);

  /* XOR the subkey onto the expanded block */
  for (i = 0; i < 48; i++)
    expandedBlock[i] ^= subkey[i];

  /* Divide expandedBlock into 6-bit chunks and do S table lookups */
  for (k = 0; k < 8; k++)
    ComputeS_Lookup(k, sout+4*k, expandedBlock+6*k);

  /* To complete the f() calculation, do permutation P on the S table output */
  ComputeP(fout, sout);
}

/*
 *  ComputeP: Compute the P permutation on the S table outputs.
 */
static void ComputeP(bool output[32], bool input[32]) {
  int i;

  for (i = 0; i < 32; i++)
    output[table_DES_P[i]] = input[i];
}

/*
 *  Look up a 6-bit input in S table k and store the result as a 4-bit output.
 */
static void ComputeS_Lookup(int k, bool output[4], bool input[6]) {
  int inputValue, outputValue;

  /* Convert the input bits into an integer */
  inputValue = input[0] + 2*input[1] + 4*input[2] + 8*input[3] +
          16*input[4] + 32*input[5];

  /* Do the S table lookup */
  outputValue = table_DES_S[k][inputValue];

  /* Convert the result into binary form */
  output[0] = (outputValue & 1) ? 1 : 0;
  output[1] = (outputValue & 2) ? 1 : 0;
  output[2] = (outputValue & 4) ? 1 : 0;
  output[3] = (outputValue & 8) ? 1 : 0;
}

/*
 *  ComputePC2: Map a 56-bit round key onto a 48-bit subkey
 */
static void ComputePC2(bool subkey[48], bool roundKey[56]) {
  int i;

  for (i = 0; i < 48; i++)
    subkey[i] = roundKey[table_DES_PC2[i]];
}

/*
 *  ComputeExpansionE: Compute the E expansion to prepare to use S tables.
 */
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]) {
  int i;

  for (i = 0; i < 48; i++)
    expandedBlock[i] = R[table_DES_E[i]];
}

/*
 *  Exchange_L_and_R:  Swap L and R
 */
static void Exchange_L_and_R(bool L[32], bool R[32]) {
  bool temp;
  int i;

  /* A temporary avoids modifying L[i] and R[i] twice in one expression,
     which is undefined behaviour in C. */
  for (i = 0; i < 32; i++) {
    temp = L[i];                              /* exchanges L[i] and R[i] */
    L[i] = R[i];
    R[i] = temp;
  }
}

/*
 *  DumpBin: Display intermediate values if EnableDumpBin is set.
 */
static void DumpBin(char *str, bool *b, int bits) {
  int i;

  if ((bits % 4)!=0 || bits>48) {
    printf("Bad call to DumpBin (bits > 48 or bit len not a multiple of 4\n");
    exit(1);
  }

  if (EnableDumpBin) {
    for (i = strlen(str); i < 14; i++)
      printf(" ");
    printf("%s: ", str);
    for (i = bits-1; i >= 0; i--)
      printf("%d", b[i]);
    printf(" ");
    for (i = bits; i < 48; i++)
      printf(" ");
    printf("(");
    for (i = bits-4; i >= 0; i-=4)
      printf("%X", b[i]+2*b[i+1]+4*b[i+2]+8*b[i+3]);
    printf(")\n");
  }
}


Chapter  5:  Software  Source  Code  5-25 
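EncryptDES rotates the key register left before each round, once in rounds 0, 1, 8 and 15 and twice otherwise, while DecryptDES uses the register first and then rotates it right, once in rounds 0, 7, 14 and 15. The check below is an added example, not part of the EFF listing: it confirms that the second list replays the first in reverse. The names `bit_t`, `ENC_SINGLE_ROUNDS`, `DEC_SINGLE_ROUNDS` and `schedules_mirror` are assumptions made here, and the start pattern is constructed.

```c
#include <stdio.h>
#include <string.h>

typedef char bit_t;  /* des.h calls this type "bool"; renamed here (assumption)
                        so the block also compiles where bool is a keyword */

/* Rounds in which the 28-bit key halves move one position instead of two,
   taken from the round tests in EncryptDES and DecryptDES. */
#define ENC_SINGLE_ROUNDS ((1u << 0) | (1u << 1) | (1u << 8)  | (1u << 15))
#define DEC_SINGLE_ROUNDS ((1u << 0) | (1u << 7) | (1u << 14) | (1u << 15))

/* Same indexing as the listing: the halves are rk[0..27] and rk[28..55]. */
static void rotate_left(bit_t rk[56]) {
  bit_t t1 = rk[27], t2 = rk[55];
  int i;
  for (i = 27; i >= 1; i--) {
    rk[i] = rk[i - 1];
    rk[i + 28] = rk[i + 28 - 1];
  }
  rk[0] = t1;
  rk[28] = t2;
}

static void rotate_right(bit_t rk[56]) {
  bit_t t1 = rk[0], t2 = rk[28];
  int i;
  for (i = 0; i < 27; i++) {
    rk[i] = rk[i + 1];
    rk[i + 28] = rk[i + 28 + 1];
  }
  rk[27] = t1;
  rk[55] = t2;
}

/* Record the register contents each encryption round hands to PC2
   (the register is rotated first, then used). */
static void encrypt_states(const bit_t start[56], bit_t used[16][56],
                           bit_t final[56]) {
  bit_t rk[56];
  int round;
  memcpy(rk, start, 56);
  for (round = 0; round < 16; round++) {
    rotate_left(rk);
    if (!(ENC_SINGLE_ROUNDS & (1u << round)))
      rotate_left(rk);
    memcpy(used[round], rk, 56);
  }
  memcpy(final, rk, 56);
}

/* Record the register contents each decryption round hands to PC2
   (the register is used first, then rotated right). */
static void decrypt_states(const bit_t start[56], unsigned single_rounds,
                           bit_t used[16][56]) {
  bit_t rk[56];
  int round;
  memcpy(rk, start, 56);
  for (round = 0; round < 16; round++) {
    memcpy(used[round], rk, 56);
    rotate_right(rk);
    if (!(single_rounds & (1u << round)))
      rotate_right(rk);
  }
}

/* Returns 1 when 16 encryption rounds bring the register back to its
   starting value (28 positions in total) and decryption round d sees the
   same register contents as encryption round 15-d; returns 0 otherwise. */
int schedules_mirror(unsigned dec_single_rounds) {
  bit_t start[56], final[56], enc[16][56], dec[16][56];
  int d;

  /* Constructed pattern: no two rotations of either half look alike. */
  memset(start, 0, sizeof start);
  start[0] = 1;
  start[28] = 1;
  start[30] = 1;

  encrypt_states(start, enc, final);
  decrypt_states(start, dec_single_rounds, dec);

  if (memcmp(start, final, 56) != 0)
    return 0;
  for (d = 0; d < 16; d++)
    if (memcmp(dec[d], enc[15 - d], 56) != 0)
      return 0;
  return 1;
}

int main(void) {
  printf("decrypt list 0,7,14,15: %d\n", schedules_mirror(DEC_SINGLE_ROUNDS));
  printf("decrypt list 0,1,8,15:  %d\n", schedules_mirror(ENC_SINGLE_ROUNDS));
  return 0;
}
```

Because the register returns to its PC1 value after 16 rounds, DecryptDES can start from the same `ComputeRoundKey` output as EncryptDES without precomputing any subkeys.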


--5  f 71  001ba22687980020008  Page  1  of  des.h 

/*****************************************************************************
 * des.h
 *                Header file for des.c
 *
 *   Written 1995-8 by Cryptography Research (http://www.cryptography.com)
 *   Original version by Paul Kocher. Placed in the public domain in 1998.
 *   THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *   IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release  -- PCK.
 *   Version 1.1:  Changes and edits for EFF DES Cracker project.
 *
 *****************************************************************************/

#ifndef __DES_H
#define __DES_H

typedef char bool;
void EncryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);
void DecryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);

#endif

/*****************************************************************************
 * initsrch.c
 *              DES Search Engine Search Definition Program
 *
 *   Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *   THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *   IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   IMPLEMENTATION NOTES:
 *
 *   This program is used to define searches that will be run on the DES
 *   search array.  The program creates a search context file containing
 *   the ciphertexts, search parameters, and a list of the key regions
 *   to search.  (A key region is the top 24 bits of a key.)
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/


#define SOFTWARE_VERSION "1.0"
#define SOFTWARE_DATE    "04-21-1998"

#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <string.h>
#include <memory.h>
#include <time.h>
#include <ctype.h>
#include "search.h"
#include "keyblock.h"

#define EXIT_ERR(s) { fprintf(stderr, s); exit(1); }

static void dumpBin(char *intro, unsigned char *data, int len);
static int unhex(unsigned char *data, char *hex, int byteCount);

int main(int argc, char **argv) {
  char searchType;
  int nextArg = 1;
  unsigned char plaintext[8];
  int i;
  char *c, buf[100];
  SEARCH_CTX ctx;
  FILE *outfile;

••char  asciiBytesCH  =  {  -0,  9,  10 

'0'  ,  '  1  • , '2' , '3' ,  '4'  ,  '  5 

'A'/B'/C'/D'/E'/F 

,N,,,0,,,P,,,Q,,,R,,'S 

,a','b,,,c,,,d,,,e,,,f 

'n' ,  'o' ,  'p'  ,  'q'  ,  '  r  '  ,  '  s 


/*  valid  search  types  are  K,C,E,B,M 


i  i  i 

8' 

I 
V 


pr i nt f (  "  \nDES  Search  Definition  Util.  (Ver  %s,  %s).  May  be  export 

"  controlled. \nWritten  1998  by  Cryptography  Research  " 

"(http://www.cryptography.com)  for  EFF.Xn" 

"This  is  unsupported  " 

"free  software:  Use  and  distribute  at  your  own  risk.Xn" 


\  n  \  n  \  n  " 


SOFTWARE-VERSION,  SOFTWARE-DATE) 

if  (argc  ==  1 )  { 
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87048b 
a20e7c 
0ea4b3 
b34c3c 
192f f0 
289890 
ad835b 
42dba1 
171870 
2cf69b 
c31498 
36df 1c 
41af 5a 
8b3b84 
142284 
b034d4 
5449d8 
3da6db 
7e0aa5 
7a5331 
6ea68e 
383b52 
2bdf 1c 
e2744c 
5c046f 
b8eee0 
27af 5a 
28f  1  d  1 
e92284 
0534d4 
7949d8 
1c4645 
893c39 
458386 
ede877 
c042f  4 
f72546 
457020 
2e98f 5 
6f3b52 
16df 1c 
bde55a 
1 f b2f b 
d09d35 
caa  f 5a 
3653c4 
b606fd 
40af 5a 
31beaf 
b6f875 
66d208 
2a6a79 
865acf 
44ec56 
51 9eec 
716fe7 
3b2686 
5284f6 
43af 5a 
d154a2 
99f875 
b6d208 
206a79 
116433 
ebec56 
d79eec 
306f e7 
a00e9c 
ed301 c 
0baf 5a 
95b74c 
b6b998 


"Parameters  can  be  entered  on  the  command  Line  or  entered  " 

'manua L Ly . \n\nUsage  modes:  •  ( c t x t  =  c i phe r t ex t  ,  pt x t  =  p  I  a i n t ex t ) \ n 
desbrute  search. ctx  K  (8  bytes  ptxt)  (8  bytes  ctxt)\n" 
desbrute  search. ctx  E  (8  bytes  ctxt0)  (8  bytes  ctxt1)\n" 
desbrute  search. ctx  C  (8  bytes  IV)  (8  bytes  ctxt0)  " 

" (8  bytes  ctxtl  )  \n" 

desbrute  search. ctx  B  (1  ctxt  byte  to  repeat)\n" 
desbrute  search. ctx  M  (ptxtVec)  (IV)  (ctxt0)  (ctxtl)" 
"(bMask)  (schlnf )\n\n" 

'Parameters  can  also  be  input  from  a  file  (e.g.,  " 

'  \" desbrute  <  param.in\"\n\n"); 


*  OPEN  OUTPUT  FILE  ****/ 
argc  >  nextArg)  { 
=  argvtnextArg++D; 
se  i 

intf(" Enter  output  file  for  search  context  CENTER  =  \ " search,  c  t  x \ " ] 
ts(buf  ); 
(*buf  = 
s  t  r cpy ( bu 
=  buf 


\0'  ) 
f  ,  "search. ctx") ; 


f  ( 
•  c 

el 
pr 
pr 
pr 
pr 
pr 
pr 
pr 

fg 

c 


i  L  e  =  fop 
ou t  f  i  L  e  = 

IT-ERRC'E 

*  INITALI 
argc  >  ne 
=  argvCne 
se  { 

i  ntf ( "The 
intf  ( 
intf  ( 
intf  ( 
intf  ( 
intf  ( 
i  ntf ( "Ent 
ets(buf , 
=  buf; 

chTy pe    = 

strchrC'K 

IT-ERRC'U 

*  INITALI 
searchTyp 

Get  know 
(argc  > 
c  =  a  r  g  v  C 
else  { 
pr i  ntf (  "E 
f gets (buf 
c  =  buf; 

(unhex(p 
EXIT-ERR( 

Get  ci  ph 
(argc  > 
c  =  argvt 
else  i. 
printf ( "E 
fgets(buf 
c  =  buf; 

(unhex(c 
EXIT^ERR( 

Set  ctx 
mset(ctx 


/*  open  output  file  */ 


e  n  (  c  ,  "  w  b  "  )  ;  

=  NULL) 

rror  opening  output  file.Xn" ); 

ZE  searchType  ****/ 
xt Arg  )  i 
xtArg++]; 

array  supports  a  variety  of  search  types:\n"); 
K  -  Known  plaintext  (standard  brute  force). \n") 
E  -  ECB  ASCII  t  e  x  t  \  n  "  )  ; 
C  -  CBC  ASCII  text\n"); 
B  -  Blaze  c  h  a  L  I  e  n  g  e \ n  "  )  ; 

M  -  Manual  parameter  specif ication\n"); 
er  search  type:  "); 
99,  stdin); 


(char)toupper(cC0D); 

ECBM",  searchType)  ==  NULL) 

nknown  search  type.  • Exiting. \n"); 

ZE  PARAMETERS  FOR  KNOWN  PLAINTEXT  SEARCHES  ****/ 
e  ==  'K'  )  { 

n  plaintext  */ 
nextArg)  { 
nextArg++]; 

nter  known  plaintext  (16  hex  digits):  "); 
,  99,  stdin); 


laintext,  c,  8)) 

"Invalid  plaintext.  (Must  be  16  hex  digits)"); 

ertext  0  (use  same  for  ciphertext  1)  */ 

nextArg)  { 

nextArg++]; 

nter  ciphertext  (16  hex  digits):  "); 
,  99,  stdin); 


t x  .  c i phe r t ex t 0,  c,  8)  j|  unhex ( c t x  .  c i phe r t ex 1 1  ,  c,  8)) 
"Invalid  ciphertext.  (Must  be  16  hex  digits.)"); 


p I  a i n t ex t Vec t or ,  0,  s i z eof ( c t x . p I  a i n t ex t Ve c t o r  )  ) 
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D10371 
0c2965 
9d09b5 
231 75f 
d8f 1c6 
73df  1  c 
10af 5a 
1a6d39 
0a4571 
blaf 5a 
9d92ba 
dd5306 
0ae472 
eaa6ab 
dbcf  c7 
04935c 
635c62 
20cc35 
8f 42cc 
f77471 
906bc1 
e26f e7 
30af 5a 
16b543 
8cf875 
b0d208 
b86a79 
1  c0a80 
c2e  c  56 
819eec 
636fe7 
d0f3c8 
ab36df 
c4a  f  5a 
83be07 
2df875 
7ad208 
666a79 
a98349 
6c  e  c  56 
e69ee  c 
ee6f  e7 
54dfef 
8bf3eb 
82af 5a 
14b74c 
37b998 
6634e6 
f7c77d 
7609b5 
a84bf  c 
c97dd1 
bc0a6e 
476a79 
60ba9b 
6e1 c50 
706f  e7 
48df  1  c 
1baf 5a 
ec0b8e 
9f  238e 
6ca  f 5a 
207380 
cbf 875 
8fd208 
266a79 
1db847 
cf ec56 
899eec 
2c6f  e7 
790aab 
bdc25b 


for  (i  =  0;  i  <  8;  i++) 

■■ctx.plaintextVectorCplaintextll-n/S]  |  =  (1  <<  (pLaintextCi]  %  8 )  )  ; 

ctx.plaintextByteMask  =  0x00; 

memse t ( c t x . p I  a i n t ex t XorMa s k,  0,  s i zeof ( c t x . p L a i n t ex t Xo rMa s k ) ) ; 

ctx.searchlnfo  =  16;  /*  useCBC=0,  extraXor=0,  boardActi veEn=1  */ 

> 

  /**** INITIALIZE PARAMETERS FOR ASCII SEARCHES ****/
  if (searchType == 'E' || searchType == 'C') {
    /* Get IV (only if this is ciphertext mode) */
    if (searchType == 'C') {
      if (argc > nextArg) {
        c = argv[nextArg++];
      } else {
        printf("Enter IV (16 hex digits): ");
        fgets(buf, 99, stdin);
        c = buf;
      }
      if (unhex(ctx.plaintextXorMask, c, 8))
        EXIT_ERR("Invalid IV. (Must be 16 hex digits.)");
    }

    /* Get ciphertext 0 */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext0 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext0, c, 8))
      EXIT_ERR("Invalid ciphertext0. (Must be 16 hex digits.)");

    /* Get ciphertext 1 */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext1 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext1, c, 8))
      EXIT_ERR("Invalid ciphertext1. (Must be 16 hex digits.)");

    /* Set ctx */
    memset(ctx.plaintextVector, 0, sizeof(ctx.plaintextVector));
    for (i = 0; i < sizeof(asciiBytes); i++)
      ctx.plaintextVector[asciiBytes[i]/8] |= (1 << (asciiBytes[i] % 8));
    ctx.plaintextByteMask = 0x00;
    if (searchType == 'E') {
      memset(ctx.plaintextXorMask, 0, sizeof(ctx.plaintextXorMask));
      ctx.searchInfo = 16;    /* useCBC=0, extraXor=0, boardActiveEn=1 */
    } else {
      /* already set plaintextXorMask = IV */
      ctx.searchInfo = 17;    /* useCBC=1, extraXor=0, boardActiveEn=1 */
    }
  }


  /**** INITIALIZE PARAMETERS FOR BLAZE CHALLENGE ****/
  if (searchType == 'B') {
    /* Get ciphertext byte */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext byte (2 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext0, c, 1))
      EXIT_ERR("Invalid ciphertext byte. (Must be 2 hex digits.)");


    /* Set all ciphertext0 and ciphertext1 bytes to the input byte */
    for (i = 0; i < 8; i++)
      ctx.ciphertext0[i] = ctx.ciphertext1[i] = ctx.ciphertext0[0];

    /* Set ctx */
    memset(ctx.plaintextVector, 0, sizeof(ctx.plaintextVector));
    ctx.plaintextVector[0] = 1;             /* halt on 00000000???????? */
    ctx.plaintextByteMask = 0x0F;           /* halt on 00000000???????? */
    memset(ctx.plaintextXorMask, 0, sizeof(ctx.plaintextXorMask));
    ctx.searchInfo = 2+16;    /* useCBC=0, extraXor=1, boardActiveEn=1 */
  }

  /**** INITIALIZE PARAMETERS FOR MANUAL MODE ****/
  if (searchType == 'M') {
    /* Get plaintextVector */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("The plaintextVector specifies which bytes can appear in the\n");
      printf("plaintext.  The MSB (of the first byte entered) specifies\n");
      printf("whether 0xFF (255) can appear.  The LSB is for 0x00.\n\n");
      printf("Enter plaintextVector (64 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.plaintextVector, c, 32))
      EXIT_ERR("Invalid plaintextVector. (Must be 64 hex digits.)");

    /* Get plaintextXorMask */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("The plaintextXorMask is used for the CBC mode IV.\n");
      printf("Enter plaintextXorMask (16 hex digits or ENTER=none): ");
      fgets(buf, 99, stdin);
      /* fgets keeps the newline, so a bare ENTER arrives as "\n" */
      if (buf[0] == '\0' || buf[0] == '\n')
        strcpy(buf, "0000000000000000");
      c = buf;
    }
    if (unhex(ctx.plaintextXorMask, c, 8))
      EXIT_ERR("Invalid plaintextXorMask. (Must be 16 hex digits.)");

    /* Get ciphertext 0 */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext0 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext0, c, 8))
      EXIT_ERR("Invalid ciphertext0. (Must be 16 hex digits.)");

    /* Get ciphertext 1 */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("Enter ciphertext1 (16 hex digits): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(ctx.ciphertext1, c, 8))
      EXIT_ERR("Invalid ciphertext1. (Must be 16 hex digits.)");

    /* Get plaintextByteMask */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("The plaintextByteMask specifies which bytes of the plaintext\n");
      printf("are examined in the output.  Normally this is zero, but if\n");
      printf("only partial plaintext is available, the unknown bits can\n");


      printf("be set to 1.  For example, if the left-hand plaintext byte\n");
      printf("is unknown, the mask would be 0x80.\n\n");
      printf("Enter plaintextByteMask (1 byte): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(&(ctx.plaintextByteMask), c, 1))
      EXIT_ERR("Invalid plaintextByteMask. (Must be 2 hex digits.)");

    /* Get searchInfo */
    if (argc > nextArg) {
      c = argv[nextArg++];
    } else {
      printf("\n\nThe searchInfo byte has two search parameters:\n");
      printf("  bit 0x10: boardActiveEnable.  Set this to one.\n");
      printf("  bit 0x02: extraXor.  If set, after the decryption is done,\n");
      printf("            the right half is XORed onto the left.\n");
      printf("            This is for Matt Blaze's challenge.\n");
      printf("  bit 0x01: useCBC.  If set, the first ciphertext is XORed\n");
      printf("            onto the second plaintext before the second\n");
      printf("            plaintext is checked against the ");
      printf("plaintextVector.\n(Higher bits control");
      printf(" searchActive, which is currently unused.)\n");
      printf("\nEnter searchInfo (1 byte): ");
      fgets(buf, 99, stdin);
      c = buf;
    }
    if (unhex(&(ctx.searchInfo), c, 1))
      EXIT_ERR("Invalid searchInfo. (Must be 2 hex digits.)");
  }



  printf("\n\n\n SEARCH PARAMETERS ");
  printf("\n");
  dumpBin("  ptxtVector = ", ctx.plaintextVector, 32);
  dumpBin(" ptxtXorMask = ", ctx.plaintextXorMask, 8);
  dumpBin(" ciphertext0 = ", ctx.ciphertext0, 8);
  dumpBin(" ciphertext1 = ", ctx.ciphertext1, 8);
  dumpBin("ptxtByteMask = ", &(ctx.plaintextByteMask), 1);
  dumpBin("  searchInfo = ", &(ctx.searchInfo), 1);
  printf(" ");
  printf(" \n");

  /**** WRITE SEARCH PARAMETERS TO OUTPUT FILE ****/
  printf("\n\nWriting output file...");
  fflush(stdout);
  WriteSearchContext(outfile, &ctx);
  fclose(outfile);
  printf("Done.\n");
  return (0);
}



/*
 *  Print a descriptive string followed by a binary value (in hex)
 */
static void dumpBin(char *intro, unsigned char *data, int len) {
  int i;

  printf("%s", intro);      /* intro is data, never the format string */
  for (i = len-1; i >= 0; i--)
    printf("%02X", data[i]);
  printf("\n");
}

/*
 *  Convert an ASCII digit from hex to an int, or return -1 if not hex
 */
static int unhexDigit(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')


    return (c - 'A' + 10);
  return (-1);                      /* return -1 for error: bad hex digit */
}

/*
 *  Convert a string of hex characters into unsigned chars.
 */
static int unhex(unsigned char *data, char *hex, int byteCount) {
  int i,j;

  if (data == NULL || hex == NULL)
    return(-1);

  /* Remove comments and whitespace */
  for (i = j = 0; hex[i] != 0 && hex[i] != ... && hex[i] ...; i++)
    if (hex[i] > ' ')
      hex[j++] = hex[i];
  hex[j] = '\0';

  if ((int)strlen(hex) != byteCount*2)
    return (-1);
  memset(data, 0, byteCount);
  for (i = 0; i < 2*byteCount; i++) {
    j = unhexDigit(hex[i]);
    if (j < 0)
      return (-1);
    data[byteCount - 1 - i/2] |= j << ((i & 1) ? 0 : 4);
  }
  for (i = 2*byteCount; i < (int)strlen(hex); i++)
    if (!isspace(hex[i]))
      return (-1);
  return (0);
}



/*****************************************************************************
 * keyblock.c
 *
 *          Key Block & Search Context Management Functions
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1     Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <conio.h>
#include <string.h>
#include <memory.h>
#include <time.h>
#include <ctype.h>
#include "search.h"
#include "keyblock.h"

static const char fileHeader[] = "This is a binary file containing the "
        "parameters for a DES search followed by 2^24 bits "
        "indicating which regions of keyspace are left to search.\n\032";

#define CTX_FILE_KEYBLOCKS_OFFSET (sizeof(fileHeader) + 58)
#define MAX_KEY_REGION (1L<<24)      /* 2^56 keys / 2^32 keys per region */

/* "%s" keeps the message from being interpreted as a format string */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }
static void WriteParams(FILE *fp, SEARCH_CTX *ctx);
static void ReadParams(FILE *fp, SEARCH_CTX *ctx);


/*
 *  Create a new search context file from a SEARCH_CTX structure
 */
void WriteSearchContext(FILE *fp, SEARCH_CTX *ctx) {
  unsigned char temp[1024/8];
  long i;

  fwrite(fileHeader, 1, sizeof(fileHeader), fp);
  WriteParams(fp, ctx);
  memset(temp, 255, 1024/8);
  for (i = 0; i < MAX_KEY_REGION/1024; i++)
    fwrite(temp, 1, sizeof(temp), fp);
}

/*
 *  Read search params from a FILE_STRUCTURE and get ready for
 *     calls to ReserveKeyRegion and FinishKeyRegion.
 */
void OpenSearchContext(FILE *fp, SEARCH_CTX *ctx) {
  long blocksLeft, n;
  int i;
  int c;

  rewind(fp);
  for (i = 0; i < sizeof(fileHeader); i++)
    if (fgetc(fp) != fileHeader[i])
      EXIT_ERR("Bad file header in search context file.\n");

  ReadParams(fp, ctx);
  if (ftell(fp) != CTX_FILE_KEYBLOCKS_OFFSET)


    EXIT_ERR("Internal error: File length mismatch.");

  /* INITIALIZE THE SEARCH PROCESS PARAMETERS (except for totalUnits) */
  ctx->nextUnstartedKeyBlock = 0;
  ctx->totalFinishedKeyBlocks = 0;
  ctx->totalUnstartedKeyBlocks = MAX_KEY_REGION;
  ctx->totalPendingKeyBlocks = 0;

  /* FIND OUT HOW MANY KEY BLOCKS ARE LEFT */
  blocksLeft = 0;
  for (n = 0; n < MAX_KEY_REGION/8; n++) {
    c = fgetc(fp);
    if (c < 0 || c > 255)
      EXIT_ERR("Error or premature EOF reading search context file.\n");
    blocksLeft += (c&128)/128 + (c&64)/64 + (c&32)/32 + (c&16)/16 +
                  (c&8)/8 + (c&4)/4 + (c&2)/2 + (c&1);
  }
  ctx->totalUnstartedKeyBlocks = blocksLeft;
  ctx->totalFinishedKeyBlocks = MAX_KEY_REGION - blocksLeft;
}



/*
 *  Reserve a key region to search.  When done searching it, the program
 *  should call FinishKeyRegion.  This function hands out blocks sequentially,
 *  starting with the first unsearched one in the search context file.
 *  If all blocks have been allocated and no free ones are left, the
 *  function returns (-1).
 */
long ReserveKeyRegion(FILE *fp, SEARCH_CTX *ctx) {
  int c,b;

  if (ctx->nextUnstartedKeyBlock >= MAX_KEY_REGION)
    return(-1);
  if (fseek(fp, CTX_FILE_KEYBLOCKS_OFFSET + ctx->nextUnstartedKeyBlock/8,
          SEEK_SET))
    EXIT_ERR("Error seeking search context file.\n");
  if ((ctx->nextUnstartedKeyBlock & 7) != 0)
    c = fgetc(fp);
  while (ctx->nextUnstartedKeyBlock < MAX_KEY_REGION) {
    b = (int)(ctx->nextUnstartedKeyBlock & 7);
    if (b == 0)
      c = fgetc(fp);
    if (c < 0 || c > 255)
      EXIT_ERR("Error reading from search context file.\n");
    if (b == 0 && c == 0) {
      ctx->nextUnstartedKeyBlock += 8;
      continue;
    }
    if ((c << b) & 128)
      break;
    ctx->nextUnstartedKeyBlock++;
  }
  if (ctx->nextUnstartedKeyBlock >= MAX_KEY_REGION)
    return (-1);
  ctx->totalUnstartedKeyBlocks--;
  ctx->totalPendingKeyBlocks++;
  return (ctx->nextUnstartedKeyBlock++);
}



/*
 *  Finish searching a key region by marking it as completed in the context
 *  file.
 */
void FinishKeyRegion(FILE *fp, SEARCH_CTX *ctx, long keyRegion) {
  int c,b;

  /* valid regions are 0 .. MAX_KEY_REGION-1; the equal case would seek */
  /* one byte past the end of the bitmap                                */
  if (keyRegion < 0 || keyRegion >= MAX_KEY_REGION)
    EXIT_ERR("Bad key region\n");
  if (fseek(fp, CTX_FILE_KEYBLOCKS_OFFSET + keyRegion/8, SEEK_SET))
    EXIT_ERR("Error seeking in search context file.\n");


  b = (int)(keyRegion & 7);                        /* b = bit in byte */
  c = getc(fp);
  if (((c << b) & 128) == 0)
    printf("WARNING: FinishKeyRegion called, but region already searched!\n");
  else {
    if (fseek(fp, CTX_FILE_KEYBLOCKS_OFFSET + keyRegion/8, SEEK_SET))
      EXIT_ERR("Error seeking in search context file.\n");
    fputc(c & (255 ^ (128>>b)), fp);
    fflush(fp);
    ctx->totalFinishedKeyBlocks++;
    ctx->totalPendingKeyBlocks--;
  }
}



/*
 *  Write a SEARCH_CTX structure to a FILE*
 */
static void WriteParams(FILE *fp, SEARCH_CTX *ctx) {
  fwrite(ctx->plaintextVector, 1, 32, fp);              /* 32 bytes */
  fwrite(ctx->plaintextXorMask, 1, 8, fp);              /*  8 bytes */
  fwrite(ctx->ciphertext0, 1, 8, fp);                   /*  8 bytes */
  fwrite(ctx->ciphertext1, 1, 8, fp);                   /*  8 bytes */
  fwrite(&(ctx->plaintextByteMask), 1, 1, fp);          /*  1 byte  */
  fwrite(&(ctx->searchInfo), 1, 1, fp);                 /*  1 byte  */
}

/*
 *  Read a SEARCH_CTX structure from a FILE*
 */
static void ReadParams(FILE *fp, SEARCH_CTX *ctx) {
  fread(ctx->plaintextVector, 1, 32, fp);               /* 32 bytes */
  fread(ctx->plaintextXorMask, 1, 8, fp);               /*  8 bytes */
  fread(ctx->ciphertext0, 1, 8, fp);                    /*  8 bytes */
  fread(ctx->ciphertext1, 1, 8, fp);                    /*  8 bytes */
  fread(&(ctx->plaintextByteMask), 1, 1, fp);           /*  1 byte  */
  fread(&(ctx->searchInfo), 1, 1, fp);                  /*  1 byte  */
}
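
The region bitmap that keyblock.c keeps after the parameter block can be modelled in memory to see why an interrupted search loses no keyspace: a region's bit is cleared only when it is finished, so a region that was merely reserved is handed out again after a reload. This is an added example, not code from the book or from EFF; DEMO_REGIONS, region_map and the map_*/demo_* functions are names assumed here, and the saved bitmap bytes are constructed.

```c
/* Added illustration (not EFF code): in-memory model of the key-region
 * bitmap kept at the end of the search context file.  One bit per region,
 * most significant bit first in each byte; 1 = not yet searched. */
#include <stdio.h>
#include <string.h>

#define DEMO_REGIONS 40L  /* constructed size; the real file tracks 1L<<24 */

typedef struct {
  unsigned char bits[DEMO_REGIONS / 8];
  long nextUnstarted;               /* scan cursor, as in SEARCH_CTX */
  long unstarted, pending, finished;
} region_map;

static int region_is_set(const region_map *m, long r) {
  return (m->bits[r / 8] << (r & 7)) & 128;
}

/* Fresh context: every region still to be searched. */
void map_init(region_map *m) {
  memset(m->bits, 255, sizeof(m->bits));
  m->nextUnstarted = m->pending = m->finished = 0;
  m->unstarted = DEMO_REGIONS;
}

/* Reload saved bitmap bytes; counters are rebuilt from the bits alone. */
void map_load(region_map *m, const unsigned char *saved) {
  long r;
  memcpy(m->bits, saved, sizeof(m->bits));
  m->nextUnstarted = m->pending = m->unstarted = 0;
  for (r = 0; r < DEMO_REGIONS; r++)
    if (region_is_set(m, r))
      m->unstarted++;
  m->finished = DEMO_REGIONS - m->unstarted;
}

/* Hand out the next region whose bit is set, or -1 when none is left. */
long map_reserve(region_map *m) {
  while (m->nextUnstarted < DEMO_REGIONS) {
    if ((m->nextUnstarted & 7) == 0 && m->bits[m->nextUnstarted / 8] == 0) {
      m->nextUnstarted += 8;        /* whole byte done: skip 8 regions */
      continue;
    }
    if (region_is_set(m, m->nextUnstarted))
      break;
    m->nextUnstarted++;
  }
  if (m->nextUnstarted >= DEMO_REGIONS)
    return -1;
  m->unstarted--;
  m->pending++;
  return m->nextUnstarted++;
}

/* Mark a region searched: 0 = ok, 1 = already clear, -1 = out of range. */
int map_finish(region_map *m, long r) {
  if (r < 0 || r >= DEMO_REGIONS)
    return -1;
  if (!region_is_set(m, r))
    return 1;
  m->bits[r / 8] &= (unsigned char)(255 ^ (128 >> (r & 7)));
  m->finished++;
  m->pending--;
  return 0;
}

/* Reserve regions 0..2, finish 0 and 2, then reload as after a restart:
 * region 1 was only pending, so its bit is still set and it comes back. */
long demo_restart(unsigned char *firstByte) {
  region_map m, reloaded;
  long a, c;
  map_init(&m);
  a = map_reserve(&m);              /* region 0 */
  map_reserve(&m);                  /* region 1, never finished */
  c = map_reserve(&m);              /* region 2 */
  map_finish(&m, a);
  map_finish(&m, c);
  *firstByte = m.bits[0];
  map_load(&reloaded, m.bits);
  return map_reserve(&reloaded);
}

/* Constructed saved bitmap: first byte fully searched, one region (11)
 * left in the second byte, the rest untouched. */
long demo_skip(long *unstarted) {
  static const unsigned char saved[DEMO_REGIONS / 8] =
    { 0x00, 0x10, 0xFF, 0xFF, 0xFF };
  region_map m;
  map_load(&m, saved);
  *unstarted = m.unstarted;
  return map_reserve(&m);
}

int main(void) {
  unsigned char first;
  long left, r = demo_restart(&first);
  printf("after restart: region %ld, byte0=0x%02X\n", r, first);
  r = demo_skip(&left);
  printf("skip: region %ld of %ld left\n", r, left);
  return 0;
}
```
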

/*****************************************************************************
 * keyblock.h
 *                     Header file for keyblock.c
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#ifndef _KEYBLOCK_H
#define _KEYBLOCK_H

void WriteSearchContext(FILE *fp, SEARCH_CTX *sp);
void OpenSearchContext(FILE *fp, SEARCH_CTX *ctx);
long ReserveKeyRegion(FILE *fp, SEARCH_CTX *ctx);
void FinishKeyRegion(FILE *fp, SEARCH_CTX *ctx, long keyRegion);

#endif



/*****************************************************************************
 * search.c
 *
 *                  Search Engine Controller Program
 *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *       Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY:
 *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.
 *
 *****************************************************************************/

#define SOFTWARE_VERSION "1.0"
#define SOFTWARE_DATE    "04-21-1998"

#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <ctype.h>
#include <memory.h>
#include <time.h>
#include <string.h>
#include <conio.h>
#include "search.h"
#include "chipio.h"
#include "keyblock.h"
#include "des.h"



/*
 *  SEARCH_CHIP STRUCTURE: Contains status information about each chip.
 *
 *     board: The board this chip is on (1 byte).
 *     chip: The ID of this chip on the board (1 byte).
 *     initialized: 0=uninitialized, 1=initialized, -1=defective.
 *     region[]: Specifies the top 24 bits of the key being searched by each
 *          search unit.  A value of -1 means the search unit is idle
 *          (idle), and a value of -2 means the search unit is not used.
 *     overFlow[]: Specifies the value at which the low 32 bits of the
 *          key (the key counter) will have gone through all 2^32
 *          possibilities.  Note: this only has the top 24 bits of the
 *          counter, which corresponds to key bytes: XX XX XX.. (LSB)
 *     lastSeen[]: The value last seen in the low 32 bits of the key.
 *          This has the same encoding as overFlow.
 */
typedef struct CHIP_CTX {
  unsigned char board, chip;
  int initialized;
  long region[SEARCH_UNITS_PER_CHIP];
  long overFlow[SEARCH_UNITS_PER_CHIP];
  long lastDone[SEARCH_UNITS_PER_CHIP];
  struct CHIP_CTX *nextChip;
} CHIP_CTX;

/*
 *  GLOBAL VARIABLES
 */
CHIP_CTX *CHIP_ARRAY = NULL;
SEARCH_CTX CTX;
static int QUIET = 0;
static int VERBOSE = 0;
static FILE *FP_LOG = NULL;


/*
 *  FUNCTION PROTOTYPES & MINI FUNCTIONS & MACROS
 */
/* "%s" keeps the message from being interpreted as a format string */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }
long ReadConfig(char *configFilespec);
void RunSearch(FILE *ctxFile);
void InitializeChip(CHIP_CTX *cp, SEARCH_CTX *ctx);
void ServiceChip(CHIP_CTX *cp, SEARCH_CTX *ctx, FILE *ctxFile);
long GetUnitKeyCounter(int board, int chip, int unit);
void CheckAndPrintKey(CHIP_CTX *cp, SEARCH_CTX *ctx, int unit);
int ServiceKeyboard(SEARCH_CTX *ctx);
int CheckKey(unsigned char key[56], SEARCH_CTX *ctx);

/*
 *  ReadConfig():  Read the search array configuration file.  This file
 *      specifies the I/O base port for SetBaseAddress and also the
 *      search units.  It can contain 3 kinds of lines:  comments that
 *      start with '%', base port with "PORT=210" for port 210 hex, and
 *      "UNIT= 12 32 8" to add a search unit on board 0x12, chip 0x32,
 *      and unit 0x08 (all hex).  The function constructs CHIP_ARRAY
 *      as a linked list of chips.
 *  Returns: Total number of search units.
 */
long ReadConfig(char *configFilespec) {
  char buffer[200];
  int basePort = -1;
  int board, chip, unit, i;
  int lastBoard = -1, lastChip = -1;
  long totalUnits = 0;
  CHIP_CTX *cp;
  FILE *fp;

  cp = CHIP_ARRAY;
  if (cp != NULL)
    EXIT_ERR("Chip array base isn't NULL. (Internal error.)\n");
  fp = fopen(configFilespec, "rb");
  if (fp == NULL)
    EXIT_ERR("Error opening configuration filespec.\n");

  if (!QUIET) printf("Reading configuration file \"%s\".\n", configFilespec);
  while (fgets(buffer, 190, fp) != NULL) {
    if (buffer[0] == '\0' || buffer[0] == '%')
      continue;
    if (memcmp(buffer, "PORT=", 5) == 0) {
      basePort = 0;
      sscanf(buffer+5, "%x", &basePort);
      if (basePort <= 0)
        EXIT_ERR("Defective PORT= in configuration file.\n");
      SetBaseAddress(basePort);
      if (!QUIET) printf("Set base port to %x\n", basePort);
      if (FP_LOG && VERBOSE) fprintf(FP_LOG, "Set base port=0x%x\n", basePort);
    }
    else if (memcmp(buffer, "UNIT=", 5) == 0 ||
            memcmp(buffer, "FAIL=", 5) == 0) {
      board = chip = unit = -1;
      sscanf(buffer+5, "%x %x %x", &board, &chip, &unit);
      /* unit indexes region[], so it must also stay below the array size */
      if (board < 0 || chip < 0 || unit < 0 || unit >= SEARCH_UNITS_PER_CHIP)
        EXIT_ERR("Defective UNIT= or FAIL= in configuration file.\n");
      if (board < lastBoard || (board == lastBoard && chip < lastChip))
        EXIT_ERR("Bad UNIT= or FAIL= in config: board & chip must decrease\n");
      if (board != lastBoard || chip != lastChip) {
        lastBoard = board;
        lastChip = chip;
        if (cp == NULL)
          cp = CHIP_ARRAY = malloc(sizeof(CHIP_CTX));
        else {
          cp->nextChip = malloc(sizeof(CHIP_CTX));
          cp = cp->nextChip;


        }
        cp->board = (unsigned char)board;
        cp->chip = (unsigned char)chip;
        cp->initialized = 0;
        for (i = 0; i < SEARCH_UNITS_PER_CHIP; i++)
          cp->region[i] = -2;
        cp->nextChip = NULL;
      }
      if (cp->region[unit] == -2 && memcmp(buffer, "UNIT=", 5) == 0) {
        totalUnits++;
        cp->region[unit] = -1;                /* mark the unit as extant */
      }
    } else {
      fprintf(stderr, "IGNORING UNKNOWN CONFIG FILE LINE: \"%s\"\n", buffer);
    }
  }
  fclose(fp);
  if (CHIP_ARRAY == NULL)
    EXIT_ERR("Error: Configuration file does not have any valid units.\n");

  if (FP_LOG && VERBOSE) {
    fprintf(FP_LOG, "Configuration summary:\n");
    for (cp = CHIP_ARRAY; cp != NULL; cp = cp->nextChip) {
      for (i = 0; i < SEARCH_UNITS_PER_CHIP; i++)
        if (cp->region[i] != -2)
          fprintf(FP_LOG, "%s=0x%02X 0x%02X 0x%02X\n",
                  (cp->initialized >= 0) ? "UNIT" : "FAIL",
                  cp->board, cp->chip, i);
    }
  }
  if (!QUIET) printf("Config done: Found %ld search units.\n", totalUnits);
  if (FP_LOG) fprintf(FP_LOG, "Config found %ld search units.\n", totalUnits);
  return (totalUnits);
}



void main(int argc, char **argv) {
  FILE *ctxFile;
  int i;
  time_t t;
  CHIP_CTX *cp;

  printf("\nDES Search Engine Controller (Ver %s, %s). May be export "
         "controlled.\nWritten 1998 by Cryptography Research "
         "(http://www.cryptography.com) for EFF.\n"
         "This is unsupported "
         "free software: Use and distribute at your own risk.\n"
         "\n\n\n",
         SOFTWARE_VERSION, SOFTWARE_DATE);

  if (argc < 3) {
    fprintf(stderr,
        "Usage:  search configFile contextFile [logfile] [-v] [-q]\n"
        "     configFile: Search array configuration from autoconf\n"
        "    contextFile: Search context (from init)\n"
        "        logfile: Output file with detailed reporting info\n"
        "             -v: verbose output to logfile\n"
        "             -q: quiet mode (less output to the screen)\n"
        "     (Note: parameters must be in the order above.)\n");
    exit(1);
  }
  for (i = 3; i < argc; i++) {
    if (i == 3 && argv[i][0] != '-') {
      FP_LOG = fopen(argv[3], "w");
      if (FP_LOG == NULL)
        EXIT_ERR("Error opening log file.");
    } else if (stricmp(argv[i], "-v") == 0)
      VERBOSE = 1;
    else if (stricmp(argv[i], "-q") == 0)
      QUIET = 1;
    else {


      fprintf(stderr, "Unknown parameter \"%s\"\n", argv[i]);
      exit(1);
    }
  }

  /* READ CONFIGURATION FILE SPECIFYING BASE PORT AND SEARCH UNITS */
  CTX.totalUnits = ReadConfig(argv[1]);

  /* RESET THE SEARCH ARRAY */
  if (!QUIET) printf("Resetting the search array.\n");
  i = -1;
  for (cp = CHIP_ARRAY; cp != NULL; cp = cp->nextChip) {
    if (i != cp->board) {
      i = cp->board;
      ResetBoard(i);
    }
  }
  t = time(NULL);

  /* READ SEARCH FILE SPECIFYING SEARCH INFO & REMAINING KEY BLOCKS */
  ctxFile = fopen(argv[2], "r+b");
  if (ctxFile == NULL) {
    fprintf(stderr, "Error opening search context file \"%s\"\n", argv[2]);
    exit(1);
  }

  /* MAKE SURE RESET HAD AT LEAST 1 SECOND TO SETTLE. */
  if (!QUIET) printf("Waiting for reset to settle.\n");
  while(t + 1 >= time(NULL)) {}

  /* RUN THE SEARCH! */
  RunSearch(ctxFile);
  fclose(ctxFile);
  if (!QUIET) printf("Exiting.\n");
}



/*
 *  Run the search. Uses the search parameters in the
 *  global linked list CHIP_ARRAY and keeps its context info
 *  in the global CTX.
 */
void RunSearch(FILE *ctxFile) {
  CHIP_CTX *cp;
  SEARCH_CTX *ctx = &CTX;
  int halt = 0;
  time_t startTime, lastReportTime, t;
  long loopCount = 0;
  char buffer[128];

  if (!QUIET) printf("Loading search context file...\n");
  OpenSearchContext(ctxFile, ctx);

  printf("Initialization Successful - Beginning search.\n");
  if (QUIET) printf("Quiet mode: Press ? for help during search.\n");
  if (FP_LOG && VERBOSE) fprintf(FP_LOG, "Beginning search\n");
  for (cp = CHIP_ARRAY; cp != NULL; cp = cp->nextChip)
    InitializeChip(cp, ctx);
  startTime = time(NULL);
  lastReportTime = 0;

  while (halt == 0) {
    t = time(NULL);                            /* report every 5 seconds */
    if (t/5 != lastReportTime/5) {
      sprintf(buffer, "%7ld blocks done, %7ld left, %4ld running (time=%7ld)",
              ctx->totalFinishedKeyBlocks, ctx->totalUnstartedKeyBlocks +
              ctx->totalPendingKeyBlocks, ctx->totalPendingKeyBlocks,
              (long)(t - startTime));
      if (!QUIET) printf(">%s ('?'=help)\n", buffer);
      if (FP_LOG && VERBOSE) fprintf(FP_LOG, "Report: %s\n", buffer);
      lastReportTime = t;

    }
    for (cp = CHIP_ARRAY; cp != NULL && halt == 0; cp = cp->nextChip) {
      ServiceChip(cp, ctx, ctxFile);
      if (ServiceKeyboard(ctx) < 0)
        halt = 1;
    }
    if (ctx->totalFinishedKeyBlocks == (1L<<24))
      halt = 1;
    GetRegister(255, 255, 255);
    loopCount++;
  }
}


/*
 *  InitializeChip(cp, ctx):  Initialize a chip whose chip context is
 *      at cp, using the search parameters at ctx.
 */
void InitializeChip(CHIP_CTX *cp, SEARCH_CTX *ctx) {
  int i,j;

  if (!QUIET) printf("Initializing board 0x%02X, chip 0x%02X\n",
          cp->board, cp->chip);
  if (FP_LOG && VERBOSE) fprintf(FP_LOG,
          "Initializing board 0x%02X, chip 0x%02X\n", cp->board, cp->chip);

  SetRegister(cp->board, cp->chip, REG_PTXT_BYTE_MASK, 0xFF);  /* halt chip */
  for (i = 0; i < 32; i++)
    SetRegister(cp->board, cp->chip, REG_PTXT_VECTOR+i,
            ctx->plaintextVector[i]);
  for (i = 0; i < 8; i++)
    SetRegister(cp->board, cp->chip, REG_PTXT_XOR_MASK+i,
            ctx->plaintextXorMask[i]);
  for (i = 0; i < 8; i++)
    SetRegister(cp->board, cp->chip, REG_CIPHERTEXT0+i, ctx->ciphertext0[i]);
  for (i = 0; i < 8; i++)
    SetRegister(cp->board, cp->chip, REG_CIPHERTEXT1+i, ctx->ciphertext1[i]);
  SetRegister(cp->board, cp->chip, REG_PTXT_BYTE_MASK, ctx->plaintextByteMask);
  SetRegister(cp->board, cp->chip, REG_SEARCHINFO, ctx->searchInfo);

  /* TO BE SAFE, VERIFY THAT ALL REGISTERS WERE WRITTEN PROPERLY */
  /* (Each chip only gets initialized once, so this is quick.) */
  j = 0;
  for (i = 0; i < 32; i++)
    j += CheckRegister(cp->board, cp->chip, REG_PTXT_VECTOR+i,
            ctx->plaintextVector[i]);
  for (i = 0; i < 8; i++) {
    j += CheckRegister(cp->board, cp->chip, REG_PTXT_XOR_MASK+i,
            ctx->plaintextXorMask[i]);
    j += CheckRegister(cp->board, cp->chip, REG_CIPHERTEXT0+i,
            ctx->ciphertext0[i]);
    j += CheckRegister(cp->board, cp->chip, REG_CIPHERTEXT1+i,
            ctx->ciphertext1[i]);
  }
  j += CheckRegister(cp->board, cp->chip, REG_PTXT_BYTE_MASK,
          ctx->plaintextByteMask);
  j += CheckRegister(cp->board, cp->chip, REG_SEARCHINFO, ctx->searchInfo);
  if (j != 0) {
    printf("Bad register on board 0x%02X, chip 0x%02X. Chip disabled.\n",
            cp->board, cp->chip);
    if (FP_LOG) fprintf(FP_LOG, "Bad register on board 0x%02X, chip 0x%02X.%s",
            cp->board, cp->chip, " Chip disabled.\n");
  }

  /* UPDATE THE CHIP CONTEXT */
  cp->initialized = (j == 0) ? 1 : -1;          /* initialized or defective */
}


/*
 *  Service a chip by doing the following:
 *     - Check if it has halted
 *     - Check to see if it has finished its region
 *     - Restart if it is idle


 */
void ServiceChip(CHIP_CTX *cp, SEARCH_CTX *ctx, FILE *ctxFile) {
  int unit;
  long k;

  if (cp->initialized < 0)
    return;

  /*
   *  READ KEYS & RESTART ANY HALTED UNITS
   */
  for (unit = 0; unit < SEARCH_UNITS_PER_CHIP; unit++) {
    if (cp->region[unit] >= 0) {                  /* if currently running */
      if (!(GetRegister(cp->board, cp->chip, REG_SEARCH_STATUS(unit)) & 1)) {
        CheckAndPrintKey(cp, ctx, unit);
        SetRegister(cp->board, cp->chip, REG_SEARCH_STATUS(unit), 1);
      }
    }
  }

  /*
   *  See if any units have completed their search regions
   *    Note: If I/O bandwidth was a problem and the clock rate of the
   *          search system was fixed, we could predict when the keycounter
   *          would flip and avoid this check.
   */
  for (unit = 0; unit < SEARCH_UNITS_PER_CHIP; unit++) {
    if (cp->region[unit] < 0)
      continue;
    k = GetUnitKeyCounter(cp->board, cp->chip, unit);
    k -= cp->overFlow[unit];
    if (k < 0)
      k += (1L << 24);
    if (VERBOSE && FP_LOG) fprintf(FP_LOG,
            "Board 0x%02X chip 0x%02X unit 0x%02X is at 0x%06lX "
            "(lastDone=0x%06lX, overFlow=%06lX)\n",
            cp->board, cp->chip, unit, k,
            cp->lastDone[unit], cp->overFlow[unit]);
    if (k < cp->lastDone[unit]) {
      if (!QUIET) printf("Board 0x%02X chip 0x%02X unit 0x%02X finished block "
              "0x%06lX (lastDone=0x%06lX, got 0x%06lX, overFlow=%06lX)\n",
              cp->board, cp->chip, unit, cp->region[unit],
              cp->lastDone[unit], k, cp->overFlow[unit]);
      if (FP_LOG) fprintf(FP_LOG, "Unit 0x%02X 0x%02X 0x%02X finished "
              "0x%06lX (last=%06lX, got %06lX, oFlow=%06lX)\n",
              cp->board, cp->chip, unit, cp->region[unit],
              cp->lastDone[unit], k, cp->overFlow[unit]);
      FinishKeyRegion(ctxFile, ctx, cp->region[unit]);  /* region is done */
      cp->region[unit] = -1;                            /* unit is now idle */
    } else
      cp->lastDone[unit] = k;
  }

  /*
   *  Start any units that are currently stalled
   */
  for (unit = 0; unit < SEARCH_UNITS_PER_CHIP; unit++) {
    if (cp->region[unit] == -1) {
      k = ReserveKeyRegion(ctxFile, ctx);
      if (k < 0)
        break;                                   /* no more regions... */
      if (!QUIET) printf("Starting board 0x%02X, chip 0x%02X, unit 0x%02X... ",
              cp->board, cp->chip, unit);
      if (FP_LOG) fprintf(FP_LOG, "Starting unit 0x%02X 0x%02X 0x%02X... ",
              cp->board, cp->chip, unit);
      cp->region[unit] = k;

      /* LOAD UP THE KEY REGION AND LET 'ER RIP... */
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+6,
              (unsigned char)((k >> 16) & 0xFF));
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+5,


              (unsigned char)((k >> 8) & 0xFF));
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+4,
              (unsigned char)(k & 0xFF));
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+3, 0);
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+2, 0);
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+1, 0);
      SetRegister(cp->board, cp->chip, REG_SEARCH_KEY(unit)+0, 0);
      SetRegister(cp->board, cp->chip, REG_SEARCH_STATUS(unit), 1);  /* GO! */

      /* READ OUT THE KEY COUNTER (3 BYTES) FOR OVERFLOW SENSING */
      k = GetUnitKeyCounter(cp->board, cp->chip, unit);
      cp->overFlow[unit] = k;
      cp->lastDone[unit] = k;
      if (!QUIET) printf("Region=0x%06lX, overFlow=0x%06lX\n",
              cp->region[unit], k);
      if (FP_LOG) fprintf(FP_LOG, "Region=0x%06lX, overFlow=0x%06lX\n",
              cp->region[unit], k);
    }
  }
}


/*
 *  Read the value of a rapidly-incrementing key counter register.
 *     The function reads the register twice, finds the most-significant
 *     bit that changed during the operation, and returns the later
 *     (higher) value with all bits to the right of the one that changed
 *     set to zero.
 *  The return value is the top 24 bits of the low 32 bits of the
 *     key counter -- i.e., key bytes (MSB) XX XX XX ..(LSB)
 */
long GetUnitKeyCounter(int board, int chip, int unit) {
  long v1, v2, m;

  do {
    v1  = ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+3)) << 16;
    v1 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+2)) << 8;
    v1 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+1));
    v2  = ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+3)) << 16;
    v2 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+2)) << 8;
    v2 |= ((long)GetRegister(board, chip, REG_SEARCH_KEY(unit)+1));
  } while (v1 > v2);
  for (m = 0x800000L; m != 0; m >>= 1) {
    if ((v1 & m) != (v2 & m)) {
      v2 = (v2 & (0xFFFFFFL - m + 1));
      break;
    }
  }
  return (v2);
}


/*
 *  Get the key out of a halted unit and print it to the screen/logs
 */
void CheckAndPrintKey(CHIP_CTX *cp, SEARCH_CTX *ctx, int unit) {
  unsigned char key[7];
  unsigned char binKey[56];
  char buf[128];
  int i,j, goodKey;

  for (i = 0; i < 7; i++)
    key[i] = (unsigned char)GetRegister(cp->board, cp->chip,
            REG_SEARCH_KEY(unit)+i);
  if (--(key[0]) == 0xFF)                              /* Decrement key */
    if (--(key[1]) == 0xFF)
      if (--(key[2]) == 0xFF)
        --key[3];
  for (i = 0; i < 56; i++)
    binKey[i] = (key[i/8] >> (i&7)) & 1;
  for (i = 7; i >= 0; i--) {
    j = binKey[i*7]*2 + binKey[i*7+1]*4 + binKey[i*7+2]*8 + binKey[i*7+3]*16 +


            binKey[i*7+4]*32 + binKey[i*7+5]*64 + binKey[i*7+6]*128;
    sprintf(buf+14-2*i, "%02X", j);
  }

  if (QUIET)
    printf("Halt in %02X.%02X.%02X, K = %s P = ", cp->board, cp->chip, unit, buf);
  else {
    printf("BOARD 0x%02X, CHIP 0x%02X, UNIT 0x%02X HALTED!\n    K56 = ",
            cp->board, cp->chip, unit);
    for (i = 6; i >= 0; i--) printf("%02X", key[i]);
    printf("\n    K64 = %s\n", buf);
  }
  if (FP_LOG) {
    fprintf(FP_LOG, "Halt@ %02X.%02X.%02X, K=",
            cp->board, cp->chip, unit);
    for (i = 6; i >= 0; i--) fprintf(FP_LOG, "%02X", key[i]);
    if (VERBOSE) fprintf(FP_LOG, ", K64=%s", buf);
  }

  goodKey = CheckKey(binKey, ctx);                    /* prints plaintexts */

  if (QUIET) printf(goodKey ? " (OK!)\n" : " (BAD)\n");
  else printf("    ***** KEY IS %s *****\n", goodKey ? " OKAY " : "BAD");
  if (FP_LOG) fprintf(FP_LOG, goodKey ? " (=OK!)\n" : " (=BAD)\n");
  fflush(stdout);
  if (FP_LOG) fflush(FP_LOG);
}


/*
 *  Let the user see what's going on.
 */
int ServiceKeyboard(SEARCH_CTX *ctx) {
  int k, i, board, chip, reg, val;
  char buffer[128];

  while (kbhit()) {
    k = toupper(getch());
    if (k == '?') {
      printf("Keystroke options:\n    ESC=quit search\n");
      printf("    R=read a chip\n    SPACE=status\n    P=pause\n");
      printf("    S=set register\n");
      printf("Press a command letter, ENTER to continue\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 'P') {
      fprintf(stderr, "  PAUSED  \n(Press a command letter, ");
      fprintf(stderr, "ENTER to continue, or ? for help.)\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 27) {
      fprintf(stderr, " ESC PRESSED! HIT 'Y' TO CONFIRM HALT\n");
      if (toupper(getch()) == 'Y') {
        fprintf(stderr, "Halting...\n");
        return (-1);
      }
      fprintf(stderr, " --(Not halting.)\n");
      continue;
    }
    if (k == ' ') {
      fprintf(stderr, "There are %ld search units running\n", ctx->totalUnits);
      fprintf(stderr, "Of %ld blocks: %ld done, %ld unstarted, %ld pending\n",
              1L<<24, ctx->totalFinishedKeyBlocks, ctx->totalUnstartedKeyBlocks,
              ctx->totalPendingKeyBlocks);
      fprintf(stderr, "The next key block to start is 0x%06lX.\n",
              ctx->nextUnstartedKeyBlock);
      fprintf(stderr, "Press a command letter or ENTER to continue\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 'R') {


      fprintf(stderr, "Enter board and chip (in hex): ");
      fgets(buffer, 127, stdin);
      board = chip = -1;
      sscanf(buffer, "%x %x", &board, &chip);
      if (board < 0 || board > 255 || chip < 0 || chip > 255) {
        fprintf(stderr, "Bad board (0x%02X) or chip (0x%02X)\n", board, chip);
        continue;
      }
      for (i = 0; i < 256; i++) {
        if ((i & 15) == 0)
          printf("\n0x%02X 0x%02X 0x%02X:", board, chip, i);
        printf(" %02X", GetRegister(board, chip, i));
      }
      printf("\n");
      fprintf(stderr, "Press a command letter or ENTER to continue\n");
      while (!kbhit()) {}
      continue;
    }
    if (k == 'S') {
      fprintf(stderr, "Enter board chip reg value (all hex): ");
      fgets(buffer, 127, stdin);
      board = chip = reg = val = -1;
      sscanf(buffer, "%x %x %x %x", &board, &chip, &reg, &val);
      if (board >= 0 && chip >= 0 && reg >= 0 && val >= 0) {
        fprintf(stderr, "Writing 0x%02X to 0x%02X.0x%02X reg 0x%02X\n",
                val, board, chip, reg);
        SetRegister(board, chip, reg, val);
      }
      fprintf(stderr, "Press a command letter or ENTER to continue.\n");
      while (!kbhit()) {}
      continue;
    }
  }
  return (0);
}


/*
 *  If needed, this function can be used to decide whether keys are
 *      actually good or not to reject false positives.
 *  Returns 1 if the key is not bad, zero if it is wrong.
 */
int CheckKey(unsigned char key[56], SEARCH_CTX *ctx) {
  bool ctxt[64],ptxt0[64],ptxt1[64];
  unsigned char p0[8],p1[8];
  int i,c;

  /* Compute the plaintext and try to print it to the screen */
  for (i = 0; i < 64; i++)
    ctxt[i] = (ctx->ciphertext0[i/8] >> (i&7)) & 1;
  DecryptDES((bool*)key, ptxt0, ctxt, 0);
  for (i = 0; i < 8; i++) {
    p0[i] = (unsigned char)(ptxt0[i*8+0]+ptxt0[i*8+1]*2+ptxt0[i*8+2]*4+
            ptxt0[i*8+3]*8+ptxt0[i*8+4]*16+ptxt0[i*8+5]*32+ptxt0[i*8+6]*64+
            ptxt0[i*8+7]*128);
  }
  for (i = 0; i < 8; i++)
    p0[i] ^= ctx->plaintextXorMask[i];
  if (!QUIET) {
    printf("    Plaintext0 =");
    for (i = 7; i>=0; i--) printf(" %02X", p0[i]);
    printf("  (\"");
    for (i = 7; i>=0; i--)
      printf("%c", (p0[i] < 32) ? '?' : p0[i]);
    printf("\")\n");
  }
  if (QUIET) for (i = 7; i>=0; i--) printf("%02X", p0[i]);
  if (FP_LOG) fprintf(FP_LOG, ", ptxt=");
  if (FP_LOG) for (i = 7; i>=0; i--) fprintf(FP_LOG, "%02X", p0[i]);

  for (i = 0; i < 64; i++)
    ctxt[i] = (ctx->ciphertext1[i/8] >> (i&7)) & 1;


  DecryptDES((bool*)key, ptxt1, ctxt, 0);
  for (i = 0; i < 8; i++) {
    p1[i] = (unsigned char)(ptxt1[i*8+0]+ptxt1[i*8+1]*2+ptxt1[i*8+2]*4+
            ptxt1[i*8+3]*8+ptxt1[i*8+4]*16+ptxt1[i*8+5]*32+ptxt1[i*8+6]*64+
            ptxt1[i*8+7]*128);
  }
  if (ctx->searchInfo & 1) {                /* if CBC mode, XOR w/ 1st ctxt */
    for (i = 0; i < 8; i++)
      p1[i] ^= ctx->ciphertext0[i];
  }
  if (!QUIET) printf("    Plaintext1 =");
  if (QUIET) printf("/");
  if (FP_LOG) fprintf(FP_LOG, "/");
  if (!QUIET) for (i = 7; i>=0; i--) printf(" %02X", p1[i]);
  if (QUIET) for (i = 7; i>=0; i--) printf("%02X", p1[i]);
  if (FP_LOG) for (i = 7; i>=0; i--) fprintf(FP_LOG, "%02X", p1[i]);
  if (!QUIET) {
    printf("  (\"");
    for (i = 7; i>=0; i--)
      printf("%c", (p1[i] < 32) ? '?' : p1[i]);
    printf("\")\n");
  }

  /* Reject key if doesn't contain good characters */
  for (i = 0; i < 8; i++) {
    if (((ctx->plaintextByteMask) >> i) & 1)
      continue;
    c = p0[i];
    if (((ctx->plaintextVector[c/8] >> (c & 7)) & 1) == 0)
      return (0);
    c = p1[i];
    if (((ctx->plaintextVector[c/8] >> (c & 7)) & 1) == 0)
      return (0);
  }

  /* INSERT ADDITIONAL CODE HERE TO REJECT FALSE POSITIVES */
  return (1);
}


/*****************************************************************************
 * search.h                                                                  *
 *                       Header file for search.c                            *
 *                                                                           *
 *    Written 1998 by Cryptography Research (http://www.cryptography.com)    *
 *       and Paul Kocher for the Electronic Frontier Foundation (EFF).       *
 *       Placed in the public domain by Cryptography Research and EFF.       *
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK.  *
 *                                                                           *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM.  *
 *                                                                           *
 *****************************************************************************
 *                                                                           *
 *   REVISION HISTORY:                                                       *
 *                                                                           *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                           *
 *****************************************************************************/

#ifndef SEARCH_H
#define SEARCH_H

typedef struct {
  /* PARAMETERS DEFINING THE SEARCH (THESE GO IN THE SEARCH CONTEXT FILE) */
  unsigned char plaintextVector[256/8];
  unsigned char plaintextXorMask[8];
  unsigned char ciphertext0[8];
  unsigned char ciphertext1[8];
  unsigned char plaintextByteMask;
  unsigned char searchInfo;

  /* PARAMETERS ABOUT THE SEARCH PROCESS */
  long totalUnits;                    /* total search units */
  long nextUnstartedKeyBlock;         /* top 24 bits only */
  long totalFinishedKeyBlocks;        /* number of completed key blocks */
  long totalUnstartedKeyBlocks;       /* number of blocks left to start */
  long totalPendingKeyBlocks;         /* number of blocks running */
} SEARCH_CTX;

#endif
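
The comment above GetUnitKeyCounter in search.c describes reading a running key counter twice and clearing the bits below the most significant one that changed. The C program below is an added example, not part of the book's listing: it replaces the board's register interface with a simulated counter (SimCounter, ReadByte, ReadOnce, StableRead, CountBadReadings and ReadFrom are names made up here) and counts how often a single byte-by-byte read lands outside the range the counter really covered, compared with the double read.

```c
#include <stdio.h>

/* Simulated free-running 24-bit key counter (constructed for this example).
 * Every register access lets the counter advance by `step`, the way the
 * hardware keeps counting while the host reads one byte at a time. */
typedef struct {
  unsigned long value;   /* current 24-bit counter value */
  unsigned long step;    /* counts that elapse per byte read */
} SimCounter;

/* Read byte `idx` (2 = most significant) and let the counter run on. */
static long ReadByte(SimCounter *c, int idx) {
  long b = (long)((c->value >> (8 * idx)) & 0xFF);
  c->value = (c->value + c->step) & 0xFFFFFFUL;
  return b;
}

/* One pass over the three bytes, MSB first. The bytes come from three
 * different instants, so a carry between two reads tears the value. */
static long ReadOnce(SimCounter *c) {
  long v = ReadByte(c, 2) << 16;
  v |= ReadByte(c, 1) << 8;
  v |= ReadByte(c, 0);
  return v;
}

/* Double read as described in the listing's comment: read twice, retry if
 * the second value is lower, then clear every bit below the most
 * significant bit that changed between the two reads. */
long StableRead(SimCounter *c) {
  long v1, v2, m;
  do {
    v1 = ReadOnce(c);
    v2 = ReadOnce(c);
  } while (v1 > v2);
  for (m = 0x800000L; m != 0; m >>= 1) {
    if ((v1 & m) != (v2 & m)) {
      v2 &= (0xFFFFFFL - m + 1);
      break;
    }
  }
  return v2;
}

/* Take one reading from a fresh counter that starts at `start` and
 * advances by one count per byte read. */
long ReadFrom(unsigned long start, int stable) {
  SimCounter c;
  c.value = start;
  c.step = 1;
  return stable ? StableRead(&c) : ReadOnce(&c);
}

/* Sweep start values first..last and count readings that fall outside
 * [counter at entry, counter at exit]. A reading below the entry value is
 * the dangerous case: a caller that takes "counter went down" to mean
 * "counter wrapped" would see a completed key block that never was. */
long CountBadReadings(unsigned long first, unsigned long last, int stable) {
  unsigned long s;
  long bad = 0;
  for (s = first; s <= last; s++) {
    SimCounter c;
    long r;
    c.value = s;
    c.step = 1;
    r = stable ? StableRead(&c) : ReadOnce(&c);
    if (r < (long)s || r > (long)c.value)
      bad++;
  }
  return bad;
}

int main(void) {
  /* Start values chosen to straddle the carries at 0x00FF00 .. 0x010200. */
  printf("single read from 0x00FFFF: 0x%06lX\n",
         (unsigned long)ReadFrom(0x00FFFFUL, 0));
  printf("double read from 0x00FFFF: 0x%06lX\n",
         (unsigned long)ReadFrom(0x00FFFFUL, 1));
  printf("bad single reads: %ld\n",
         CountBadReadings(0x00FE00UL, 0x0101FFUL, 0));
  printf("bad double reads: %ld\n",
         CountBadReadings(0x00FE00UL, 0x0101FFUL, 1));
  return 0;
}
```

A reading below the counter's value at entry matters because ServiceChip treats a counter value lower than lastDone as a finished key block.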


Chip Source Code


This chapter contains a complete listing of the chip design language (VHDL)
documents that we wrote to show both people and machines how we designed the
custom gate array chip in our DES cracker.

Today, it is possible to design a complete chip by writing ordinary documents in
text files. They are written in a special hardware programming language, called
VHDL. This language is understood by chip simulation software, which works
much like an ordinary programming language interpreter. Once the designer is
satisfied with their design, this VHDL program text can be fed into a "chip
compiler". Instead of producing a binary program as a result, the compiler
produces low-level design information for a chip.

The compilation process for a chip needs a lot more attention to detail than the
average binary software compilation. For example, in modern computers it doesn't
make much difference what exact memory locations your binary program is
placed into; the program runs largely the same way. In building a chip, human
attention and skill is still needed to "lay out" and "route" the building blocks of
the chip so that the result has high performance, low power, low cost, and other
desirable attributes. This level of detail is also very dependent on the exact
technology and equipment being used to build (fabricate) the chip, though the
basic design documents are independent of all that.

Thus, these design files don't tell the whole story. You can't just press a button
and out pops a chip. But they are useful for understanding our design, because
they specify, in a human readable way, just what the chip will do for any valid
combination of inputs.

For details on why these documents are printed this way, and how to scan them
into a computer, see Chapter 4, Scanning the Source Code.


-- Author       : Tom Vu
-- Date         : 09/19/97
-- Description  : UProcessor interface

Library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity ADDR_KEY is
port(
     ADDSEL2     : in  std_logic;
     CHIP_EN     : in  std_logic;
     ADDR        : in  std_logic_vector(7 downto 0);

     ADDR_KEY0   : out std_logic_vector(6 downto 0);
     ADDR_KEY1   : out std_logic_vector(6 downto 0);
     ADDR_KEY2   : out std_logic_vector(6 downto 0);
     ADDR_KEY3   : out std_logic_vector(6 downto 0);
     ADDR_KEY4   : out std_logic_vector(6 downto 0);
     ADDR_KEY5   : out std_logic_vector(6 downto 0);
     ADDR_KEY6   : out std_logic_vector(6 downto 0);
     ADDR_KEY7   : out std_logic_vector(6 downto 0);
     ADDR_KEY8   : out std_logic_vector(6 downto 0);
     ADDR_KEY9   : out std_logic_vector(6 downto 0);
     ADDR_KEY10  : out std_logic_vector(6 downto 0);
     ADDR_KEY11  : out std_logic_vector(6 downto 0);
     ADDR_KEY12  : out std_logic_vector(6 downto 0);
     ADDR_KEY13  : out std_logic_vector(6 downto 0);
     ADDR_KEY14  : out std_logic_vector(6 downto 0);
     ADDR_KEY15  : out std_logic_vector(6 downto 0);
     ADDR_KEY16  : out std_logic_vector(6 downto 0);
     ADDR_KEY17  : out std_logic_vector(6 downto 0);
     ADDR_KEY18  : out std_logic_vector(6 downto 0);
     ADDR_KEY19  : out std_logic_vector(6 downto 0);
     ADDR_KEY20  : out std_logic_vector(6 downto 0);
     ADDR_KEY21  : out std_logic_vector(6 downto 0);
     ADDR_KEY22  : out std_logic_vector(6 downto 0);
     ADDR_KEY23  : out std_logic_vector(6 downto 0);
     DATAI       : in  std_logic_vector(7 downto 0)
     );
end ADDR_KEY;

architecture beh of ADDR_KEY is

begin


ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 


_KEY0(0)  <= 
■0'  )  )  else 
_KEY0(1)  <; 
'0' ) )  else 
_KEY0(2)  <= 
1  0 '  ) )  else 
_KEY0(3)  <= 
•0'  )  )  else 
-KEY0C4)  <: 
1  0  '  )  )  else 
_KEY0(5)  <= 
•0'  )  )  else 
_KEY0(6)  <: 
'  0  '  )  )  else 


ADDR-KEY1(0)  <■ 
2  =  '0'  )  )  else 
ADDR-KEY1(1)  <; 
2  =  '0'  )  )  else 


when  ((ADDR 

when  ((ADDR 

when  ((ADDR 

when  ((ADDR 

when  ((ADDR 

when  ((ADDR 

when  ((ADDR 

when  ((ADDR 

when  ((ADDR 


1 000000 

1 000001 
>1  00001  0 

1000011 
1  0001 00 
1000101 
10001 10 

1001 000 
1001001 


)  and  (CHIP-EN 

)  and  (CHIP-EN 

)  and  (CHIP-EN 

)  and  (CHIP-EN 

)  and  (CHIP-EN 

)  and  (CHIP-EN 

)  and  (CHIP-EN 

)  and  (CHIP-EN 

)  and  (CHIP-EN 


)  and  (ADDSELI 

)  and  (ADDSELi 

)  and  (ADDSELI 

)  and  (ADDSELI 

)  and  (ADDSELI 

)  and  (ADDSELI 

)  and  (ADDSELI 

)  and  (ADDSELI 

)  and  (ADDSELI 
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bcf381 

ADDR- 

858ba3 

2  =  ' 

a84b56 

ADDR- 

de8ba3 

2  =  ' 

6e1c97 
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0a8ba3 
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c0a440 

ADDR- 

0d8ba3 
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16b34f 

ADDR- 
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ADDR- 

f08ba3 
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e41220 

ADDR- 

9e8ba3 
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41cef9 

ADDR- 
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.  se 

0  ' 
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KEY2(6 

<  = 
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KEY3(1 
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KEY3(2 
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KEY3(3 
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KEY3(4 
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0 ' ) )  else 

0 

KEY18(5)  < 

0'  ))  else 

0 

KEY18C6)  < 

0'  ))  else 

0 

KEY19C0)  < 

0'  )  )  else 

0 

KEY19C1  )  < 

0'  )  )  else 

0 

KEY19C2)  < 

0'  )  )  else 

0 

KEY19C3)  < 

0'  )  )  else 

0 

KEY19(4)  < 

0'  )  )  else 

0 

KEY19(5)  < 

0'  )  )  else 

0 

KEY19C6)  < 

0'  ))  else 

0 

KEY20(0)  < 

0'  )  )  else 

0 

KEY20(1)  < 

0'  ))  else 

0 

KEY20C2)  < 

0'  )  )  else 

0 

KEY20C3)  < 
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10111101 
10111110 

1 1 000000 

1 1000001 

1 1000010 

1 100001 1 
11000100 
11000101 
1 1 0001 10 

11001000 
1 1001001 
11001010 
1100101 1 

1 1001 100 

1 1001 101 
11001 110 

1 1010000 

1 1010001 

1 1010010 

1 101001 1 
1 1010100 
11010101 
11010110 

1 101 1000 
11011001 
11011010 
11011011 
1 101 1 100 
11011101 
11011110 

1 1 100000 

1 1 100001 

1 1 100010 

1 1 10001 1 
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.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 

.EN 

and 

(CHIP. 


2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 

ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
2  =
2  =
2  =
2  =
2  =
ADDR
2  =
2  =
2  =

ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 
ADDR 
2  = 


0  '  )  )  else 
KEY20C4 
0'  ))  el 
KEY20C5 
0'  )  )  el: 
KEY20C6: 
0'  )  )  el 

KEY21 (0 
0'  )  )  el 
KEY21  (  1 
0'  ))  el 
KEY21  (2 
0'  ))  el 
KEY21 (3 
0'  ))  el 
KEY21  (4 
0'  )  )  el 
KEY21  (5 
0'  ))  el 
KEY21 (6 
0'  ))  el 

KEY22C0 
0'  )  )  el 
0'  ))  el
0'  )  )  el
0'  )  )  el
KEY22(4 
0'  )  )  el 
KEY22C5 
0'  )  )  el 
KEY22(6 
0'  )  )  el 

KEY23(0! 
0'  )  )  el: 
KEY23C1 
0'  )  )  el: 
KEY23C2 
0  '  )  )  else 
KEY23C3 
0'  )  )  el: 
KEY23C4 
0'  )  )  el 
KEY23C5 
0'  )  )  el: 
KEY23C6: 
0  '  )  )  else 


<  = 

e  '  i 

<  = 

e  'l 

<  = 

e  '  ! 


e 

<  = 
e  ' 


when 

(ADDR 

= 

when 

(ADDR 

= 
(ADDR

=
(ADDR

=
=
=
=
=
=
=
(ADDR

=
=
=
(ADDR

= 

when 

(ADDR 

= 

when 

(ADDR 

= 

when 

(ADDR 

= 

when 

(ADDR 

= 

when 

(ADDR 

= 

when 

(ADDR 

= 

100100 
100101 
1001 10 

101000 
101001 
101010 
101011 
101 100 
101101 
101110 

1 10000 

1 10001 
110010 
110011 
110100 
110101 
110110 

111000 
111001 

111010 
111011 
1 1 1 100 
111101 
111110 
and  (CHIP_EN
end beh;


--
-- Author       : Tom Vu
-- Date         : 09/27/97
-- Description  : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity MESG is
port(
        CLK      : in  std_logic;
        RST_N    : in  std_logic;
        START    : in  std_logic;
        DONE     : in  std_logic;
        MESSAGE  : in  std_logic_vector(63 downto 0);
        SUBKEY   : in  std_logic_vector(47 downto 0);
        RESULT   : out std_logic_vector(63 downto 0)
    );
end MESG;

architecture beh of MESG is

signal IP_KEY      : std_logic_vector(63 downto 0);
signal MESG_LEFT   : std_logic_vector(31 downto 0);
signal MESG_RIGHT  : std_logic_vector(31 downto 0);
signal NEW_L       : std_logic_vector(31 downto 0);
signal L           : std_logic_vector(31 downto 0);
signal R           : std_logic_vector(31 downto 0);
signal EXPANDED_R  : std_logic_vector(47 downto 0);
signal X_KEY       : std_logic_vector(47 downto 0);
signal S_OUT       : std_logic_vector(31 downto 0);
signal FP_IN       : std_logic_vector(63 downto 0);
signal FP_OUT      : std_logic_vector(63 downto 0);
signal P_IN        : std_logic_vector(31 downto 0);
signal P_OUT       : std_logic_vector(31 downto 0);

component EX
port(
        EX_IN   : in  std_logic_vector(31 downto 0);
        EX_OUT  : out std_logic_vector(47 downto 0));
end component;

component IP
port(
        IP_IN   : in  std_logic_vector(63 downto 0);
        IP_OUT  : out std_logic_vector(63 downto 0));
end component;

component FP
port(
        FP_IN   : in  std_logic_vector(63 downto 0);
        FP_OUT  : out std_logic_vector(63 downto 0));
end component;

component P
port(
        P_IN    : in  std_logic_vector(31 downto 0);
        P_OUT   : out std_logic_vector(31 downto 0));
end component;

component S_TABLE
port(   KEY     : in  std_logic_vector(47 downto 0);
        S_OUT   : out std_logic_vector(31 downto 0));
end component;

begin

MESSAGE1: EX
port map(
        EX_IN   => R,
        EX_OUT  => EXPANDED_R);

MESSAGE2: IP
port map(
        IP_IN   => MESSAGE,
        IP_OUT  => IP_KEY);

MESSAGE3: S_TABLE
port map(
        KEY     => X_KEY,
        S_OUT   => S_OUT);

MESSAGE4: P
port map(
        P_IN    => S_OUT,
        P_OUT   => P_OUT);

MESSAGE5: FP
port map(
        FP_IN   => FP_IN,
        FP_OUT  => FP_OUT);

--
-- Split_to_LEFT_and_RIGHT: process(IP_KEY)
--
-- begin
--      for i in 0 to 31 loop
--          MESG_RIGHT(i)  <= IP_KEY(i);
--          MESG_LEFT(i)   <= IP_KEY(i+32);
--      end loop;
-- end process Split_to_LEFT_and_RIGHT;

MESG_RIGHT <= IP_KEY(31 downto 0);
MESG_LEFT  <= IP_KEY(63 downto 32);
--
L_AND_R_REG_PR: process(RST_N,CLK)
--
begin
    if RST_N = '0' then
        L <= (others => '0');
        R <= (others => '0');
    elsif CLK'event and CLK = '1' then
        if (START = '1') then
            L <= MESG_LEFT;
            R <= MESG_RIGHT;
        else
            L <= R;
            R <= NEW_L;
        end if;
    end if;

end process L_AND_R_REG_PR;

--
KEY_XOR_PR: process(SUBKEY,EXPANDED_R)
--
begin
        for i in 0 to 47 loop
            X_KEY(i) <= SUBKEY(i) xor EXPANDED_R(i);
        end loop;
end process KEY_XOR_PR;

--
L_XOR_PR: process(L,P_OUT)
--
begin
        for i in 0 to 31 loop
            NEW_L(i) <= L(i) xor P_OUT(i);
        end loop;
end process L_XOR_PR;

--
-- Combine final L and R to FP
--
FP_IN <= NEW_L(31 downto 0) & R(31 downto 0);

--
RESULT_PR: process(RST_N,CLK)
--
begin
    if RST_N = '0' then
        RESULT <= (others => '0');
    elsif CLK'event and CLK = '1' then
        if (DONE = '1') then
            RESULT <= FP_OUT;
        end if;
    end if;

end process RESULT_PR;

end beh;


library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity DES is

port(
        CLK      : in  std_logic;
        RST_N    : in  std_logic;
        START    : in  std_logic;
        MESSAGE  : in  std_logic_vector(63 downto 0);
        KEY      : in  std_logic_vector(55 downto 0);
        DONE     : out std_logic;
        CNT      : out std_logic_vector(4 downto 0);
        DES_OUT  : out std_logic_vector(63 downto 0)
    );
end DES;

architecture beh of DES is

signal SUBKEY    : std_logic_vector(47 downto 0);
signal DONE_BAK  : std_logic;

component MESG
port(   CLK      : in  std_logic;
        RST_N    : in  std_logic;
        START    : in  std_logic;
        DONE     : in  std_logic;
        MESSAGE  : in  std_logic_vector(63 downto 0);
        SUBKEY   : in  std_logic_vector(47 downto 0);
        RESULT   : out std_logic_vector(63 downto 0)
    );
end component;

component KEY_GEN
port(   CLK      : in  std_logic;
        RST_N    : in  std_logic;
        START    : in  std_logic;
        KEY_IN   : in  std_logic_vector(55 downto 0);
        DONE     : out std_logic;
        CNT      : out std_logic_vector(4 downto 0);
        KEY_OUT  : out std_logic_vector(47 downto 0));
end component;

begin

DES1: MESG
port map(
        CLK      => CLK,
        RST_N    => RST_N,
        START    => START,
        DONE     => DONE_BAK,
        MESSAGE  => MESSAGE,
        SUBKEY   => SUBKEY,
        RESULT   => DES_OUT
        );

DES2: KEY_GEN
port map(
        CLK      => CLK,
        RST_N    => RST_N,
        START    => START,
        KEY_IN   => KEY,
        DONE     => DONE_BAK,
        CNT      => CNT,
        KEY_OUT  => SUBKEY
        );

DONE <= DONE_BAK;

end beh;


--
-- AUTHOR  : TOM VU
-- DATE    : 10/15/97
-- TITLE   : DES TEST BENCH
-- FILE    : des_ctl.vhd
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
use ieee.std_logic_textio.all;

entity CTL is

port(
        CLK        : in    std_logic;
        RST_N      : in    std_logic;
        START      : in    std_logic;
        DECR       : in    std_logic;
        DES_OUT    : in    std_logic_vector(63 downto 0);
        DECR_INT   : out   std_logic;
        READ_EN    : out   std_logic;
        START_INT  : out   std_logic;
        MESSAGE    : out   std_logic_vector(63 downto 0);
        KEY        : out   std_logic_vector(55 downto 0);
        DATA       : inout std_logic_vector(31 downto 0)
    );
end CTL;

architecture BEH of CTL is

signal CNT16        : std_logic_vector(3 downto 0);
signal MSG0         : std_logic_vector(31 downto 0);
signal MSG1         : std_logic_vector(31 downto 0);
signal KEY0         : std_logic_vector(31 downto 0);
signal KEY1         : std_logic_vector(23 downto 0);
signal OUT0         : std_logic_vector(31 downto 0);
signal OUT1         : std_logic_vector(31 downto 0);
signal DATA_BAK     : std_logic_vector(31 downto 0);
signal START_INT_D  : std_logic;

begin

CNT_PR: process(CLK,RST_N)
begin
    if RST_N = '0' then
        CNT16     <= "0000";
        START_INT <= '0';
        DECR_INT  <= '0';
    elsif CLK'event and CLK = '1' then
        START_INT <= START_INT_D;
        if CNT16 = 4 then
            DECR_INT <= DECR;
        end if;
        if START = '1' then
            CNT16 <= "0001";
        else
            CNT16 <= CNT16 + 1;
        end if;
    end if;
end process;

KEY     <= KEY1 & KEY0;
MESSAGE <= MSG1 & MSG0;


START_INT_D  <= 


when  CNT16  =  4  else 


REG-IN-PR:     p ro c e s s ( RST-N , C LK ) 
b< 


egi  n 
f     RS 


Lsif 
•  -  -  c 


T-N 

•  •  •  M 

•  •  •  M 
-  ■  •  K 

•  -  *  K 
CLK 

a  se 


SG0 
SG1 
EY0 
EY1 
1  ev 
CNT 
hen 

hen 

hen 

hen 

hen 


<  = 

<  = 

ent 
16 


1  >; 
'  >; 
'  >; 
'  >; 

then 


en 

others  = 

others  = 

others  = 

others  = 

nd  CLK  =  '0' 

01"  => 

SG0  <=  DATA; 

10"  => 

SG1  <=  DATA; 

11"  => 

EY0  <=  DATA; 


EY1  <=  DATAC23  downto  0) 
r  s  => 
ill  I; 


        end case;
    end if;
end process REG_IN_PR;

MESSAGE_OUT_P: process (CNT16, DES_OUT)
begin
        case CNT16 is
            when "0110" | "0111" =>
                DATA    <= DES_OUT(63 downto 32);
                READ_EN <= '1';
            when "1000" | "1001" =>
                DATA    <= DES_OUT(31 downto 0);
                READ_EN <= '1';
            when others =>
                DATA    <= (others => 'Z');
                READ_EN <= '0';
        end case;
end process;

--DATA <= DATA_BAK
end BEH;


library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
use ieee.std_logic_textio.all;
use std.textio.all;

entity DES_CTL is
port(   CLK      : in    std_logic;
        RST_N    : in    std_logic;
        START    : in    std_logic;
        DECR     : in    std_logic;
        DONE     : out   std_logic;
        READ_EN  : out   std_logic;
        DATA     : inout std_logic_vector(31 downto 0)
    );
end DES_CTL;

architecture beh of DES_CTL is

component DES
port(   CLK      : in  std_logic;
        RST_N    : in  std_logic;
        START    : in  std_logic;
        DECR     : in  std_logic;
        MESSAGE  : in  std_logic_vector(63 downto 0);
        KEY      : in  std_logic_vector(55 downto 0);
        DONE     : out std_logic;
        DES_OUT  : out std_logic_vector(63 downto 0)
    );
end component;

component CTL
port(   CLK        : in    std_logic;
        RST_N      : in    std_logic;
        START      : in    std_logic;
        DECR       : in    std_logic;
        DES_OUT    : in    std_logic_vector(63 downto 0);
        DECR_INT   : out   std_logic;
        READ_EN    : out   std_logic;
        START_INT  : out   std_logic;
        MESSAGE    : out   std_logic_vector(63 downto 0);
        KEY        : out   std_logic_vector(55 downto 0);
        DATA       : inout std_logic_vector(31 downto 0)
    );
end component;

signal START_INT  : std_logic;
signal DECR_INT   : std_logic;
signal MESSAGE    : std_logic_vector(63 downto 0);
signal KEY        : std_logic_vector(55 downto 0);
signal DES_OUT    : std_logic_vector(63 downto 0);

begin

DES_CTL1 : DES
port map(
        CLK      => CLK,
        RST_N    => RST_N,
        START    => START_INT,
        DECR     => DECR_INT,
        MESSAGE  => MESSAGE,
        KEY      => KEY,
        DONE     => DONE,
        DES_OUT  => DES_OUT
        );

DES_CTL2 : CTL
port map(
        CLK        => CLK,
        RST_N      => RST_N,
        START      => START,
        DECR       => DECR,
        DES_OUT    => DES_OUT,
        DECR_INT   => DECR_INT,
        READ_EN    => READ_EN,
        START_INT  => START_INT,
        MESSAGE    => MESSAGE,
        KEY        => KEY,
        DATA       => DATA
        );

end beh;


--
-- Author       : Tom Vu
-- Date         : 09/27/97
-- Description  : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity EX is

port(
        EX_IN   : in  std_logic_vector(31 downto 0);
        EX_OUT  : out std_logic_vector(47 downto 0)
    );
end EX;

architecture beh of EX is

subtype small_integer is INTEGER range 0 to 31;
type EX_TYPE is array(0 to 47) of small_integer;

signal EX_TABLE : EX_TYPE;

begin

EX_TABLE <=     (31,  0,  1,  2,  3,  4,
                  3,  4,  5,  6,  7,  8,
                  7,  8,  9, 10, 11, 12,
                 11, 12, 13, 14, 15, 16,
                 15, 16, 17, 18, 19, 20,
                 19, 20, 21, 22, 23, 24,
                 23, 24, 25, 26, 27, 28,
                 27, 28, 29, 30, 31,  0);

EX_PR: process(EX_IN,EX_TABLE)

begin
        for i in 0 to 47 loop
            EX_OUT(i) <= EX_IN(EX_TABLE(i));
        end loop;

end process EX_PR;

end beh;


--
-- Author       : Tom Vu
-- Date         : 09/27/97
-- Description  : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity FP is
port(
        FP_IN   : in  std_logic_vector(63 downto 0);
        FP_OUT  : out std_logic_vector(63 downto 0)
    );
end FP;

architecture beh of FP is

subtype small_integer is INTEGER range 0 to 63;
type FP_TYPE is array(0 to 63) of small_integer;

signal FP_TABLE : FP_TYPE;

begin
FP_TABLE <=     (57,49,41,33,25,17, 9, 1,
                 59,51,43,35,27,19,11, 3,
                 61,53,45,37,29,21,13, 5,
                 63,55,47,39,31,23,15, 7,
                 56,48,40,32,24,16, 8, 0,
                 58,50,42,34,26,18,10, 2,
                 60,52,44,36,28,20,12, 4,
                 62,54,46,38,30,22,14, 6);

FP_PR: process(FP_TABLE,FP_IN)

begin
        for i in 0 to 63 loop
            FP_OUT(FP_TABLE(i)) <= FP_IN(i);
        end loop;

end process FP_PR;

end beh;


Chapter  6:  Chip  Source  Code  6-1 7 


--69ed  001 1 bd4de4480030006  Page  1  of  ip.vhd 

--
-- Author       : Tom Vu
-- Date         : 09/27/97
-- Description  : Left and Right 32-bit registers
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--
entity IP is

port(
        IP_IN   : in  std_logic_vector(63 downto 0);
        IP_OUT  : out std_logic_vector(63 downto 0)
    );

end IP;

--
architecture beh of IP is
--
subtype small_integer is INTEGER range 0 to 63;
type IP_TYPE is array(0 to 63) of small_integer;

signal IP_TABLE : IP_TYPE;

begin

IP_TABLE <=     (39, 7,47,15,55,23,63,31,
                 38, 6,46,14,54,22,62,30,
                 37, 5,45,13,53,21,61,29,
                 36, 4,44,12,52,20,60,28,
                 35, 3,43,11,51,19,59,27,
                 34, 2,42,10,50,18,58,26,
                 33, 1,41, 9,49,17,57,25,
                 32, 0,40, 8,48,16,56,24);

--
IP_PR: process(IP_TABLE,IP_IN)
--
begin
        for i in 0 to 63 loop
            IP_OUT(IP_TABLE(i)) <= IP_IN(i);
        end loop;
end process IP_PR;
--
end beh;
--


--
-- Author       : Tom Vu
-- Date         : 09/27/97
-- Description  : Generate Schedule Keys to be used by F function
-- Functions    : 2 rings of 28 bits each will shift left or right by 1 or
--                2 positions depends on ENCR/DECR and counter16
--
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity KEY_GEN is
port(   CLK      : in  std_logic;
        RST_N    : in  std_logic;
        START    : in  std_logic;
--      DECR     : in  std_logic;
        KEY_IN   : in  std_logic_vector(55 downto 0);
        DONE     : out std_logic;
        CNT      : out std_logic_vector(4 downto 0);
        KEY_OUT  : out std_logic_vector(47 downto 0)
    );
end KEY_GEN;

architecture beh of KEY_GEN is

component PC1
port(
        KEY_IN   : in  std_logic_vector(55 downto 0);
        KEY_OUT  : out std_logic_vector(55 downto 0)
    );
end component;

component PC2
port(
        KEY_IN   : in  std_logic_vector(55 downto 0);
        KEY_OUT  : out std_logic_vector(47 downto 0)
    );
end component;

signal cnt16      : std_logic_vector(4 downto 0);

signal PC1_KEY    : std_logic_vector(55 downto 0);
signal PC1_KEY_C  : std_logic_vector(27 downto 0);
signal PC1_KEY_D  : std_logic_vector(27 downto 0);
signal KEY_REG_C  : std_logic_vector(27 downto 0);
signal KEY_REG_D  : std_logic_vector(27 downto 0);
signal KEY_REG    : std_logic_vector(55 downto 0);
signal SHIFT1     : std_logic;

begin

-- Permutation Choice #1

PC_1: PC1 port map(KEY_IN => KEY_IN, KEY_OUT => PC1_KEY);

Split_to_C_and_D: process(PC1_KEY)
begin
        for i in 0 to 27 loop
            PC1_KEY_D(i) <= PC1_KEY(i);
            PC1_KEY_C(i) <= PC1_KEY(i+28);
        end loop;
end process;

DONE-P:  process(CLK,RST-N) 


begin 


f  RST-N  =  '0'  then 
DONE  •<=  '0'; 
SHI  FT  1  •<=  '  0'; 
Lsif  CLK'event  and  CLK  =  '1'  then 

if  CNT16  =  15  and  START  =  '01  then 

DONE   <=  ' 1  '  ; 
else 

DONE  - <  =  ' 0  '  ; 
end  if; 


if  START  = 
SHIFT1 

else- 

SHIFT1 
end  if; 

t>        end  if; 
end  process; 


or  CNT16 
1  '  ; 


CNT16=  14  then 


COUNTER16_P: process(CLK,RST_N)
begin
        if RST_N = '0' then
                CNT16 <= (others => '0');
        elsif CLK'event and CLK = '1' then
            if START = '1' then
                CNT16 <= "00001";
            else
                CNT16 <= CNT16 + 1;
            end if;
        end if;
end process;


KEY-GEN-REG-P:  process(CLK,RST_N) 


begin 


i  f  RST 
KE 
KE 

elsif 

f 


else 


>    em 
end  if 


-N  = 
Y-RE 
Y„RE 
CLK' 
DEC 
i  f 


el 


el 


i  f 


G-C 

G-D 

even 

R  = 
STA 
KE 
KE 

si  f 
KE 
KE 

se 
KE 
KE 

d  if 

STA 
KE 
KE 
sif 


then 
<=  (o 
<=  (o 
t  and 
'0'  t 
RT  = 
Y-REG 
Y-REG 
SHIFT 
Y-REG 
Y-REG 


=  >  '  0'); 

=>  '  0'); 
1 1 '  then 


then 

then 

CLK 

hen  

'1'  then  --  Load  and  Shift  by  1  from  external  key 

-C 

„D 

1  ■■ 

-C 

_D 


:=  PC1-KEY-C(26  downto 
:=  PC1-KEY-D(26  downto 


then 


:=  KEY-REG-CC26  downto 
:=  KEY-REG-DC26  downto 


Shift  Left  by  1  for  1st  key 


REG-C 
REG-D 


KEY-REG_C(25  downto  0 
KEY„REG-D(25  downto  0 


&  PC1-KEY-CC27); 
&  PC1-KEY-D(27); 


8  KEY-REG-CC27); 
S  KEY„REG-D(27); 


&  KEY-REG-C(27  downto  26) 
&  KEY-REG-D(27  downto  26) 


-  Last  key  was  used  in  Encr 


else 


KE 

KE 

d  if 


RT  =  ' 1 '  then 
Y-REG-C  <=  PC1-KEY-C, 
Y-REG-D  <=  PC1-KEY-D; 
SHI  FT1  =  ' 1  '  then 

Shift  Right  by  1  when  cnt16  =1,8,15 
Y-REG-C  <=  KEY„REG-C(0)  &     KEY-REG_C(27  downto  1); 
Y-REG-D  <=  KEY„REG-D(0)  &    KEY-REG-D(27  downto  1); 

Shift  Right  by  2  when  cnt16=others 
Y^REG-C  <=  KEY-REG-C<1  downto  0)  &  KEY-REG-C(27  downto  2) 
Y-REG-D  <=  KEY-REG-DC1  downto  0)  &  KEY-REG-D(27  downto  2) 
end process;
--
-- Combine final C and D to KEY_REG
--
        KEY_REG <= KEY_REG_C(27 downto 0) & KEY_REG_D(27 downto 0);
--
-- Permutation Choice #2
--

        PC_2: PC2 port map (KEY_IN => KEY_REG, KEY_OUT => KEY_OUT);

--
CNT <= CNT16;
end beh;
--


Author  • ■ • • 

Date  

Description 


Tom  Vu 
09/07/97  • • 

Search  Unit 


24  search  units  per  ASIC 


Library  ieee; 

use  IEEE. std-logic-1164. all; 
use  IEEE. std-logic-arith. all; 
use  IEEE.  std-logic-unsigned. all; 


entity  MUX256  is 


port  ( 


SHIFT-OUT 
PT-VECTOR 
BIT-MUX  > 


std-logic-vector(7  downto  0 ) ; 
s td-log i c-vec tor ( 25 5  downto  0) 
• stdw  log  i  c 


end  MUX2  56; 


architecture  beh  of  MUX256  is 


begin 


DECODER-PR:  process(SHIFT-OUT, PT-VECTOR) 


variable 
begin 


i  i  t> 

i 

iteger; 

nv-i  n 

teger(SHIFT-OU 

1  s  • 

when 

•  0 

=  > 

BIT-MUX 

when 

•  1 

=  > 

BIT-MUX 

when 

•2 

=  > 

BIT-MUX 

when 

•  3 

=  > 

BIT-MUX 

when 

■  4 

=  > 

BIT-MUX 

when 

•  5 

=  > 

BIT-MUX 

when 

•  6 

=  > 

BIT-MUX 

when 

■  7 

=  > 

BIT-MUX 

when 

•  8 

=  > 

BIT-MUX 

when 

•  9 

=  > 

BIT-MUX 

when 

10 

=  > 

BIT-MUX 

when 

11 

=  > 

BIT-MUX 

when 

12 

=  > 

BIT-MUX 

when 

13 

=  > 

BIT-MUX 

when 

14 

=  > 

BIT-MUX 

when 

15 

=  > 

BIT-MUX 

when 

16 

=  > 

BIT-MUX 

when 

17 

=  > 

BIT-MUX 

when 

18 

=  > 

BIT-MUX 

when 

19 

=  > 

BIT-MUX 

when 

20 

=  > 

BIT-MUX 

when 

21 

=  > 

BIT-MUX 

when 

22 

=  > 

BIT-MUX 

when 

23 

=  > 

BIT-MUX 

when 

24 

=  > 

BIT-MUX 

when 

25 

=  > 

BIT-MUX 

when 

26 

=  > 

BIT-MUX 

when 

27 

=  > 

BIT-MUX 

when 

28 

=  > 

BIT-MUX 

when 

29 

=  > 

BIT-MUX 

<=  PT-VECTORC0); 

<=  PT-VECT0RC1 ); 

<=  PT-VECT0R(2); 

<=  PT-VECT0RC3); 

<=  PT-VECT0R(4); 

<=  PT-VECT0RC5); 

<=  PT-VECT0R(6); 

<=  PT-VECT0R(7); 

<=  PT-VECT0RC8); 

<=  PT-VECT0RC9); 

<=  PT-VECTORM0) 

<=  PT-VECT0R(1 1  ) 

<=  PT-VECT0R(12) 

<=  PT-VECT0RM3) 

<=  PT-VECT0R(14) 

<=  PT-VECT0R(15) 

<=  PT-VECT0R(16) 

<=  PT-VECT0R(17) 

<=  PT-VECT0R(18) 

<=  PT-VECT0R(19) 

<=  PT-VECTOR(20) 

<=  PT-VECT0R(21  ) 

<=  PT-VECT0R(22) 

<=  PT-VECT0R(23) 

<=  PT-VECT0R(24) 

<=  PT-VECTOR(25) 

<=  PT-VECT0R(26) 

<=  PT-VECT0R(27) 

<=  PT-VECT0R(28) 

<=  PT-VECT0R(29) 
    when 30 => BIT_MUX <= PT_VECTOR(30);
    when 31 => BIT_MUX <= PT_VECTOR(31);
    when 32 => BIT_MUX <= PT_VECTOR(32);
    when 33 => BIT_MUX <= PT_VECTOR(33);
    when 34 => BIT_MUX <= PT_VECTOR(34);
    when 35 => BIT_MUX <= PT_VECTOR(35);
    when 36 => BIT_MUX <= PT_VECTOR(36);
    when 37 => BIT_MUX <= PT_VECTOR(37);
    when 38 => BIT_MUX <= PT_VECTOR(38);
    when 39 => BIT_MUX <= PT_VECTOR(39);
    when 40 => BIT_MUX <= PT_VECTOR(40);
    when 41 => BIT_MUX <= PT_VECTOR(41);
    when 42 => BIT_MUX <= PT_VECTOR(42);
    when 43 => BIT_MUX <= PT_VECTOR(43);
    when 44 => BIT_MUX <= PT_VECTOR(44);
    when 45 => BIT_MUX <= PT_VECTOR(45);
    when 46 => BIT_MUX <= PT_VECTOR(46);
    when 47 => BIT_MUX <= PT_VECTOR(47);
    when 48 => BIT_MUX <= PT_VECTOR(48);
    when 49 => BIT_MUX <= PT_VECTOR(49);
    when 50 => BIT_MUX <= PT_VECTOR(50);
    when 51 => BIT_MUX <= PT_VECTOR(51);
    when 52 => BIT_MUX <= PT_VECTOR(52);
    when 53 => BIT_MUX <= PT_VECTOR(53);
    when 54 => BIT_MUX <= PT_VECTOR(54);
    when 55 => BIT_MUX <= PT_VECTOR(55);
    when 56 => BIT_MUX <= PT_VECTOR(56);
    when 57 => BIT_MUX <= PT_VECTOR(57);
    when 58 => BIT_MUX <= PT_VECTOR(58);
    when 59 => BIT_MUX <= PT_VECTOR(59);
    when 60 => BIT_MUX <= PT_VECTOR(60);
    when 61 => BIT_MUX <= PT_VECTOR(61);
    when 62 => BIT_MUX <= PT_VECTOR(62);
    when 63 => BIT_MUX <= PT_VECTOR(63);
    when 64 => BIT_MUX <= PT_VECTOR(64);
    when 65 => BIT_MUX <= PT_VECTOR(65);
    when 66 => BIT_MUX <= PT_VECTOR(66);
    when 67 => BIT_MUX <= PT_VECTOR(67);
    when 68 => BIT_MUX <= PT_VECTOR(68);
    when 69 => BIT_MUX <= PT_VECTOR(69);
    when 70 => BIT_MUX <= PT_VECTOR(70);
    when 71 => BIT_MUX <= PT_VECTOR(71);
    when 72 => BIT_MUX <= PT_VECTOR(72);
    when 73 => BIT_MUX <= PT_VECTOR(73);
    when 74 => BIT_MUX <= PT_VECTOR(74);
    when 75 => BIT_MUX <= PT_VECTOR(75);
    when 76 => BIT_MUX <= PT_VECTOR(76);
    when 77 => BIT_MUX <= PT_VECTOR(77);
    when 78 => BIT_MUX <= PT_VECTOR(78);
    when 79 => BIT_MUX <= PT_VECTOR(79);
    when 80 => BIT_MUX <= PT_VECTOR(80);
    when 81 => BIT_MUX <= PT_VECTOR(81);
    when 82 => BIT_MUX <= PT_VECTOR(82);
    when 83 => BIT_MUX <= PT_VECTOR(83);
    when 84 => BIT_MUX <= PT_VECTOR(84);
    when 85 => BIT_MUX <= PT_VECTOR(85);
    when 86 => BIT_MUX <= PT_VECTOR(86);
    when 87 => BIT_MUX <= PT_VECTOR(87);
    when 88 => BIT_MUX <= PT_VECTOR(88);
    when 89 => BIT_MUX <= PT_VECTOR(89);
    when 90 => BIT_MUX <= PT_VECTOR(90);
    when 91 => BIT_MUX <= PT_VECTOR(91);
    when 92 => BIT_MUX <= PT_VECTOR(92);
    when 93 => BIT_MUX <= PT_VECTOR(93);
    when 94 => BIT_MUX <= PT_VECTOR(94);
    when 95 => BIT_MUX <= PT_VECTOR(95);
    when 96 => BIT_MUX <= PT_VECTOR(96);
    when 97 => BIT_MUX <= PT_VECTOR(97);
    when 98 => BIT_MUX <= PT_VECTOR(98);
    when 99 => BIT_MUX <= PT_VECTOR(99);
    when 100 => BIT_MUX <= PT_VECTOR(100);
    when 101 => BIT_MUX <= PT_VECTOR(101);
    when 102 => BIT_MUX <= PT_VECTOR(102);
    when 103 => BIT_MUX <= PT_VECTOR(103);
    when 104 => BIT_MUX <= PT_VECTOR(104);
    when 105 => BIT_MUX <= PT_VECTOR(105);
    when 106 => BIT_MUX <= PT_VECTOR(106);
    when 107 => BIT_MUX <= PT_VECTOR(107);
    when 108 => BIT_MUX <= PT_VECTOR(108);
    when 109 => BIT_MUX <= PT_VECTOR(109);
    when 110 => BIT_MUX <= PT_VECTOR(110);
    when 111 => BIT_MUX <= PT_VECTOR(111);
    when 112 => BIT_MUX <= PT_VECTOR(112);
    when 113 => BIT_MUX <= PT_VECTOR(113);
    when 114 => BIT_MUX <= PT_VECTOR(114);
    when 115 => BIT_MUX <= PT_VECTOR(115);
    when 116 => BIT_MUX <= PT_VECTOR(116);
    when 117 => BIT_MUX <= PT_VECTOR(117);
    when 118 => BIT_MUX <= PT_VECTOR(118);
    when 119 => BIT_MUX <= PT_VECTOR(119);
    when 120 => BIT_MUX <= PT_VECTOR(120);
    when 121 => BIT_MUX <= PT_VECTOR(121);
    when 122 => BIT_MUX <= PT_VECTOR(122);
    when 123 => BIT_MUX <= PT_VECTOR(123);
    when 124 => BIT_MUX <= PT_VECTOR(124);
    when 125 => BIT_MUX <= PT_VECTOR(125);
    when 126 => BIT_MUX <= PT_VECTOR(126);
    when 127 => BIT_MUX <= PT_VECTOR(127);
    when 128 => BIT_MUX <= PT_VECTOR(128);
    when 129 => BIT_MUX <= PT_VECTOR(129);
    when 130 => BIT_MUX <= PT_VECTOR(130);
    when 131 => BIT_MUX <= PT_VECTOR(131);
    when 132 => BIT_MUX <= PT_VECTOR(132);
    when 133 => BIT_MUX <= PT_VECTOR(133);
    when 134 => BIT_MUX <= PT_VECTOR(134);
    when 135 => BIT_MUX <= PT_VECTOR(135);
    when 136 => BIT_MUX <= PT_VECTOR(136);
    when 137 => BIT_MUX <= PT_VECTOR(137);
    when 138 => BIT_MUX <= PT_VECTOR(138);
    when 139 => BIT_MUX <= PT_VECTOR(139);
    when 140 => BIT_MUX <= PT_VECTOR(140);
    when 141 => BIT_MUX <= PT_VECTOR(141);
    when 142 => BIT_MUX <= PT_VECTOR(142);
    when 143 => BIT_MUX <= PT_VECTOR(143);
    when 144 => BIT_MUX <= PT_VECTOR(144);
    when 145 => BIT_MUX <= PT_VECTOR(145);
    when 146 => BIT_MUX <= PT_VECTOR(146);
    when 147 => BIT_MUX <= PT_VECTOR(147);
    when 148 => BIT_MUX <= PT_VECTOR(148);
    when 149 => BIT_MUX <= PT_VECTOR(149);
    when 150 => BIT_MUX <= PT_VECTOR(150);
    when 151 => BIT_MUX <= PT_VECTOR(151);
    when 152 => BIT_MUX <= PT_VECTOR(152);
    when 153 => BIT_MUX <= PT_VECTOR(153);
    when 154 => BIT_MUX <= PT_VECTOR(154);
    when 155 => BIT_MUX <= PT_VECTOR(155);
    when 156 => BIT_MUX <= PT_VECTOR(156);
    when 157 => BIT_MUX <= PT_VECTOR(157);
    when 158 => BIT_MUX <= PT_VECTOR(158);
    when 159 => BIT_MUX <= PT_VECTOR(159);
    when 160 => BIT_MUX <= PT_VECTOR(160);
    when 161 => BIT_MUX <= PT_VECTOR(161);
    when 162 => BIT_MUX <= PT_VECTOR(162);
    when 163 => BIT_MUX <= PT_VECTOR(163);
    when 164 => BIT_MUX <= PT_VECTOR(164);
    when 165 => BIT_MUX <= PT_VECTOR(165);
    when 166 => BIT_MUX <= PT_VECTOR(166);
    when 167 => BIT_MUX <= PT_VECTOR(167);
    when 168 => BIT_MUX <= PT_VECTOR(168);
    when 169 => BIT_MUX <= PT_VECTOR(169);
    when 170 => BIT_MUX <= PT_VECTOR(170);
    when 171 => BIT_MUX <= PT_VECTOR(171);
    when 172 => BIT_MUX <= PT_VECTOR(172);
    when 173 => BIT_MUX <= PT_VECTOR(173);
    when 174 => BIT_MUX <= PT_VECTOR(174);
    when 175 => BIT_MUX <= PT_VECTOR(175);
    when 176 => BIT_MUX <= PT_VECTOR(176);
    when 177 => BIT_MUX <= PT_VECTOR(177);
    when 178 => BIT_MUX <= PT_VECTOR(178);
    when 179 => BIT_MUX <= PT_VECTOR(179);
    when 180 => BIT_MUX <= PT_VECTOR(180);
    when 181 => BIT_MUX <= PT_VECTOR(181);
    when 182 => BIT_MUX <= PT_VECTOR(182);
    when 183 => BIT_MUX <= PT_VECTOR(183);
    when 184 => BIT_MUX <= PT_VECTOR(184);
    when 185 => BIT_MUX <= PT_VECTOR(185);
    when 186 => BIT_MUX <= PT_VECTOR(186);
    when 187 => BIT_MUX <= PT_VECTOR(187);
    when 188 => BIT_MUX <= PT_VECTOR(188);
    when 189 => BIT_MUX <= PT_VECTOR(189);
    when 190 => BIT_MUX <= PT_VECTOR(190);
    when 191 => BIT_MUX <= PT_VECTOR(191);
    when 192 => BIT_MUX <= PT_VECTOR(192);
    when 193 => BIT_MUX <= PT_VECTOR(193);
    when 194 => BIT_MUX <= PT_VECTOR(194);
    when 195 => BIT_MUX <= PT_VECTOR(195);
    when 196 => BIT_MUX <= PT_VECTOR(196);
    when 197 => BIT_MUX <= PT_VECTOR(197);
    when 198 => BIT_MUX <= PT_VECTOR(198);
    when 199 => BIT_MUX <= PT_VECTOR(199);
    when 200 => BIT_MUX <= PT_VECTOR(200);
    when 201 => BIT_MUX <= PT_VECTOR(201);
    when 202 => BIT_MUX <= PT_VECTOR(202);
    when 203 => BIT_MUX <= PT_VECTOR(203);
    when 204 => BIT_MUX <= PT_VECTOR(204);
    when 205 => BIT_MUX <= PT_VECTOR(205);
    when 206 => BIT_MUX <= PT_VECTOR(206);
    when 207 => BIT_MUX <= PT_VECTOR(207);
    when 208 => BIT_MUX <= PT_VECTOR(208);
    when 209 => BIT_MUX <= PT_VECTOR(209);
    when 210 => BIT_MUX <= PT_VECTOR(210);
    when 211 => BIT_MUX <= PT_VECTOR(211);
    when 212 => BIT_MUX <= PT_VECTOR(212);
    when 213 => BIT_MUX <= PT_VECTOR(213);
    when 214 => BIT_MUX <= PT_VECTOR(214);
    when 215 => BIT_MUX <= PT_VECTOR(215);
    when 216 => BIT_MUX <= PT_VECTOR(216);
    when 217 => BIT_MUX <= PT_VECTOR(217);
    when 218 => BIT_MUX <= PT_VECTOR(218);
    when 219 => BIT_MUX <= PT_VECTOR(219);
    when 220 => BIT_MUX <= PT_VECTOR(220);
    when 221 => BIT_MUX <= PT_VECTOR(221);
    when 222 => BIT_MUX <= PT_VECTOR(222);
    when 223 => BIT_MUX <= PT_VECTOR(223);
    when 224 => BIT_MUX <= PT_VECTOR(224);
    when 225 => BIT_MUX <= PT_VECTOR(225);
    when 226 => BIT_MUX <= PT_VECTOR(226);
    when 227 => BIT_MUX <= PT_VECTOR(227);
    when 228 => BIT_MUX <= PT_VECTOR(228);
    when 229 => BIT_MUX <= PT_VECTOR(229);
    when 230 => BIT_MUX <= PT_VECTOR(230);
    when 231 => BIT_MUX <= PT_VECTOR(231);
    when 232 => BIT_MUX <= PT_VECTOR(232);
    when 233 => BIT_MUX <= PT_VECTOR(233);
    when 234 => BIT_MUX <= PT_VECTOR(234);
    when 235 => BIT_MUX <= PT_VECTOR(235);
    when 236 => BIT_MUX <= PT_VECTOR(236);
    when 237 => BIT_MUX <= PT_VECTOR(237);
    when 238 => BIT_MUX <= PT_VECTOR(238);
    when 239 => BIT_MUX <= PT_VECTOR(239);
    when 240 => BIT_MUX <= PT_VECTOR(240);
    when 241 => BIT_MUX <= PT_VECTOR(241);
    when 242 => BIT_MUX <= PT_VECTOR(242);
    when 243 => BIT_MUX <= PT_VECTOR(243);
    when 244 => BIT_MUX <= PT_VECTOR(244);
    when 245 => BIT_MUX <= PT_VECTOR(245);
    when 246 => BIT_MUX <= PT_VECTOR(246);
    when 247 => BIT_MUX <= PT_VECTOR(247);
    when 248 => BIT_MUX <= PT_VECTOR(248);
    when 249 => BIT_MUX <= PT_VECTOR(249);
    when 250 => BIT_MUX <= PT_VECTOR(250);
    when 251 => BIT_MUX <= PT_VECTOR(251);
    when 252 => BIT_MUX <= PT_VECTOR(252);
    when 253 => BIT_MUX <= PT_VECTOR(253);
    when 254 => BIT_MUX <= PT_VECTOR(254);
    when 255 => BIT_MUX <= PT_VECTOR(255);
    when others => BIT_MUX <=  -- assigned value illegible in the scan
end case;
end process DECODER_PR;

end beh;

--------------------------------------------------------------------------------
-- Author       : Tom Vu
-- Date         : 09/27/98
-- Description  : Left and Right 32-bit registers
-- FILENAME     : p.vhd
--------------------------------------------------------------------------------
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--------------------------------------------------------------------------------
entity P is

port(
    P_IN    : in    std_logic_vector(31 downto 0);
    P_OUT   : out   std_logic_vector(31 downto 0)
    );

end P;

--------------------------------------------------------------------------------
architecture beh of P is
--------------------------------------------------------------------------------
subtype small_integer is INTEGER range 0 to 31;
type P_TYPE is array(0 to 31) of small_integer;

signal P_TABLE : P_TYPE;

begin

P_TABLE <= (11,17, 5,27,25,10,20, 0,
            13,21, 3,28,29, 7,18,24,
            31,22,12, 6,26, 2,16, 8,
            14,30, 4,19, 1, 9,15,23);

--------------------------------------------------------------------------------
P_PR: process(P_TABLE, P_IN)
--------------------------------------------------------------------------------
begin
    for i in 0 to 31 loop
        P_OUT(P_TABLE(i)) <= P_IN(i);
    end loop;
end process P_PR;
--------------------------------------------------------------------------------
end beh;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
-- Author       : Tom Vu
-- Date         : 10/02/97
-- Description  : Generate Permutation Choice #1
-- Functions    : Array has the table which tells the mapping
--------------------------------------------------------------------------------
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--------------------------------------------------------------------------------
entity PC1 is

port(
    KEY_IN  : in    std_logic_vector(55 downto 0);
    KEY_OUT : out   std_logic_vector(55 downto 0)
    );
end PC1;
--------------------------------------------------------------------------------
architecture beh of PC1 is
--------------------------------------------------------------------------------
subtype small_integer is INTEGER range 0 to 55;
type PC1_TYPE is array(0 to 55) of small_integer;
signal PC1_TABLE : PC1_TYPE;

begin

PC1_TABLE <= (27,19,11,31,39,47,55,
              26,18,10,30,38,46,54,
              25,17, 9,29,37,45,53,
              24,16, 8,28,36,44,52,
              23,15, 7, 3,35,43,51,
              22,14, 6, 2,34,42,50,
              21,13, 5, 1,33,41,49,
              20,12, 4, 0,32,40,48);
--------------------------------------------------------------------------------
Permutation_choice_1: process(KEY_IN, PC1_TABLE)
--------------------------------------------------------------------------------
begin
    for i in 0 to 55 loop
        KEY_OUT(PC1_TABLE(i)) <= KEY_IN(i);
    end loop;
end process;
--------------------------------------------------------------------------------
end beh;
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
-- Author       : Tom Vu
-- Date         : 10/02/97
-- Description  : Generate Permutation Choice #2
-- Functions    : Array has the table which tells the mapping
--------------------------------------------------------------------------------
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

--------------------------------------------------------------------------------
entity PC2 is

port(
    KEY_IN  : in    std_logic_vector(55 downto 0);
    KEY_OUT : out   std_logic_vector(47 downto 0)
    );

end PC2;

--------------------------------------------------------------------------------
architecture beh of PC2 is
--------------------------------------------------------------------------------
subtype small_integer is INTEGER range 0 to 55;
type PC2_TYPE is array(0 to 47) of small_integer;
signal PC2_TABLE : PC2_TYPE;

begin

PC2_TABLE <= (24,27,20, 6,14,10, 3,22,
               0,17, 7,12, 8,23,11, 5,
              16,26, 1, 9,19,25, 4,15,
              54,43,36,29,49,40,48,30,
              52,44,37,33,46,35,50,41,
              28,53,51,55,32,45,39,42);
--------------------------------------------------------------------------------
Permutation_choice_2: process(KEY_IN, PC2_TABLE)
--------------------------------------------------------------------------------
begin
    for i in 0 to 47 loop
        KEY_OUT(i) <= KEY_IN(PC2_TABLE(i));
    end loop;
end process;
--------------------------------------------------------------------------------
end beh;
--------------------------------------------------------------------------------
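
A cross-check of the three tables above, added here as an example that is not part of the original listings. It models the two loop forms the listings use (P and PC1 scatter with OUT(TABLE(i)) <= IN(i), PC2 gathers with OUT(i) <= IN(TABLE(i))) and compares P and PC2 with the FIPS 46 tables. The FIPS tables, the function names and the bit-numbering rule (VHDL index j is FIPS position width - j) are assumptions of this example, not taken from the listings.

```python
"""Cross-check the permutation tables recovered from the P, PC1 and PC2 listings."""

# Tables as printed in the listings. Values are VHDL bit indices (0 = rightmost).
P_TABLE = [11, 17, 5, 27, 25, 10, 20, 0, 13, 21, 3, 28, 29, 7, 18, 24,
           31, 22, 12, 6, 26, 2, 16, 8, 14, 30, 4, 19, 1, 9, 15, 23]
PC1_TABLE = [27, 19, 11, 31, 39, 47, 55, 26, 18, 10, 30, 38, 46, 54,
             25, 17, 9, 29, 37, 45, 53, 24, 16, 8, 28, 36, 44, 52,
             23, 15, 7, 3, 35, 43, 51, 22, 14, 6, 2, 34, 42, 50,
             21, 13, 5, 1, 33, 41, 49, 20, 12, 4, 0, 32, 40, 48]
PC2_TABLE = [24, 27, 20, 6, 14, 10, 3, 22, 0, 17, 7, 12, 8, 23, 11, 5,
             16, 26, 1, 9, 19, 25, 4, 15, 54, 43, 36, 29, 49, 40, 48, 30,
             52, 44, 37, 33, 46, 35, 50, 41, 28, 53, 51, 55, 32, 45, 39, 42]

# Reference tables from FIPS 46 (not from the listings). Positions are 1-based
# and position 1 is the leftmost bit.
FIPS_P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
          2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
FIPS_PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
            23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
            41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
            44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]


def table_defects(table, width):
    """Return (duplicated, missing) values for a table over 0..width-1.

    In a scatter loop a duplicate means two drivers on one output bit and a
    missing value means an output bit that is never driven. A gather table
    that selects a subset (PC2) legitimately has missing values.
    """
    seen, dup = set(), set()
    for v in table:
        (dup if v in seen else seen).add(v)
    return sorted(dup), [v for v in range(width) if v not in seen]


def scatter_to_gather(table):
    """Invert OUT(TABLE(i)) <= IN(i) into OUT(j) <= IN(gather[j])."""
    gather = [None] * len(table)
    for src, dst in enumerate(table):
        if gather[dst] is not None:
            raise ValueError(f"output bit {dst} driven twice")
        gather[dst] = src
    return gather


def gather_to_fips(gather, in_width):
    """Re-express a gather table on VHDL indices in FIPS order.

    Assumed numbering: FIPS position k (1 = leftmost) is VHDL index width - k.
    """
    out_width = len(gather)
    return [in_width - gather[out_width - k] for k in range(1, out_width + 1)]


def apply_scatter(value, table):
    """Model of the P / PC1 loop: output bit table[i] takes input bit i."""
    out = 0
    for i, dst in enumerate(table):
        out |= ((value >> i) & 1) << dst
    return out


def apply_gather(value, table):
    """Model of the PC2 loop: output bit i takes input bit table[i]."""
    out = 0
    for i, src in enumerate(table):
        out |= ((value >> src) & 1) << i
    return out


def apply_fips(value, fips_table, in_width):
    """Apply a FIPS-style table, emitting the leftmost output bit first."""
    out = 0
    for src_pos in fips_table:
        out = (out << 1) | ((value >> (in_width - src_pos)) & 1)
    return out


def check_listings():
    """Run the three table checks and return their results by name."""
    return {
        "P matches FIPS P":
            gather_to_fips(scatter_to_gather(P_TABLE), 32) == FIPS_P,
        "PC2 matches FIPS PC-2":
            gather_to_fips(PC2_TABLE, 56) == FIPS_PC2,
        "PC1 is a permutation of 0..55":
            table_defects(PC1_TABLE, 56) == ([], []),
    }


if __name__ == "__main__":
    for name, ok in check_listings().items():
        print(("ok   " if ok else "FAIL ") + name)
```
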

--------------------------------------------------------------------------------
-- Author       : Tom Vu
-- Date         : 09/19/97
-- Description  : UProcessor interface
--------------------------------------------------------------------------------
library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity REG_RDWR is

port(
    RST_N        : in    std_logic;
    BOARD_EN     : in    std_logic;
    ALE          : in    std_logic;
    ADDSEL1      : in    std_logic;
    WRB          : in    std_logic;
    RDB          : in    std_logic;
    ADDSEL2      : in    std_logic;
    AA_IN        : in    std_logic;
    ADDR         : in    std_logic_vector(7 downto 0);
    CHIP_ID      : in    std_logic_vector(7 downto 0);
    SEARCH_OUT   :       std_logic_vector(23 downto 0);  -- port mode lost in the scan
    SELECT_ONE   : in    std_logic_vector(23 downto 0);
    SEARCH_IN    : in    std_logic_vector(23 downto 0);

    CHIP_EN      : out   std_logic;
    AA_OUT       : out   std_logic;
    CHIP_AA_OUT  : out   std_logic;
    EXTRA_XOR    : out   std_logic;
    USE_CBC      : out   std_logic;
    PT_XOR_MASK  : out   std_logic_vector(63 downto 0);
    PT_BYTE_MASK : out   std_logic_vector(7 downto 0);
    PT_VECTOR    : out   std_logic_vector(255 downto 0);
    C0           : out   std_logic_vector(63 downto 0);
    C1           : out   std_logic_vector(63 downto 0);
    DATAI        : in    std_logic_vector(7 downto 0);
    DATAO        : out   std_logic_vector(7 downto 0)
    );

end REG_RDWR;


architecture beh of REG_RDWR is

type DATA32_ARRAY is array(31 downto 0) of std_logic_vector(7 downto 0);
type DATA8_ARRAY  is array(7 downto 0) of std_logic_vector(7 downto 0);

signal PT_VECTOR_REG    : DATA32_ARRAY;

signal PT_XOR_MASK_REG  : DATA8_ARRAY;
signal CIPHER0          : DATA8_ARRAY;
signal CIPHER1          : DATA8_ARRAY;

signal SEARCH_INFO_REG  : std_logic_vector(7 downto 0);
signal PT_BYTE_MASK_REG : std_logic_vector(7 downto 0);
signal CHIP_REG         : std_logic_vector(7 downto 0);
signal CHIP_EN_BAK      : std_logic;
signal ALL_ACTIVE       : std_logic;
signal BAA_EN           : std_logic;
signal AA_OUT_BAK       : std_logic;

begin

CHIP_EN_BAK <= '1' when ((CHIP_ID = CHIP_REG) and BOARD_EN = '1') else '0';

CHIP_ID_REG_PR: process(RST_N, ALE)
begin
if (RST_N = '0') then
    CHIP_REG <= (others => '0');
elsif (ALE'event and ALE = '1') then
    if ((BOARD_EN = '1') and (ADDSEL1 = '1')) then
        CHIP_REG <= ADDR;
    end if;
end if;

end process CHIP_ID_REG_PR;


READ_PR: process(PT_VECTOR_REG, PT_XOR_MASK_REG,
        PT_BYTE_MASK_REG, SEARCH_INFO_REG, CIPHER0, CIPHER1,
        SEARCH_IN, SELECT_ONE, ALL_ACTIVE, AA_OUT_BAK,
        CHIP_EN_BAK, ADDSEL2, RDB, ADDR, BAA_EN)

begin
if ((CHIP_EN_BAK = '1') and (ADDSEL2 = ) and (RDB = )) then  -- values compared with ADDSEL2 and RDB are lost in the scan
    case ADDR is
        when "00000000" => DATAO <= PT_VECTOR_REG(0);
        when "00000001" => DATAO <= PT_VECTOR_REG(1);
        when "00000010" => DATAO <= PT_VECTOR_REG(2);
        when "00000011" => DATAO <= PT_VECTOR_REG(3);
        when "00000100" => DATAO <= PT_VECTOR_REG(4);
        when "00000101" => DATAO <= PT_VECTOR_REG(5);
        when "00000110" => DATAO <= PT_VECTOR_REG(6);
        when "00000111" => DATAO <= PT_VECTOR_REG(7);
        when "00001000" => DATAO <= PT_VECTOR_REG(8);
        when "00001001" => DATAO <= PT_VECTOR_REG(9);
        when "00001010" => DATAO <= PT_VECTOR_REG(10);
        when "00001011" => DATAO <= PT_VECTOR_REG(11);
        when "00001100" => DATAO <= PT_VECTOR_REG(12);
        when "00001101" => DATAO <= PT_VECTOR_REG(13);
        when "00001110" => DATAO <= PT_VECTOR_REG(14);
        when "00001111" => DATAO <= PT_VECTOR_REG(15);
        when "00010000" => DATAO <= PT_VECTOR_REG(16);
        when "00010001" => DATAO <= PT_VECTOR_REG(17);
        when "00010010" => DATAO <= PT_VECTOR_REG(18);
        when "00010011" => DATAO <= PT_VECTOR_REG(19);
        when "00010100" => DATAO <= PT_VECTOR_REG(20);
        when "00010101" => DATAO <= PT_VECTOR_REG(21);
        when "00010110" => DATAO <= PT_VECTOR_REG(22);
        when "00010111" => DATAO <= PT_VECTOR_REG(23);
        when "00011000" => DATAO <= PT_VECTOR_REG(24);
        when "00011001" => DATAO <= PT_VECTOR_REG(25);
        when "00011010" => DATAO <= PT_VECTOR_REG(26);
        when "00011011" => DATAO <= PT_VECTOR_REG(27);
        when "00011100" => DATAO <= PT_VECTOR_REG(28);
        when "00011101" => DATAO <= PT_VECTOR_REG(29);
        when "00011110" => DATAO <= PT_VECTOR_REG(30);
        when "00011111" => DATAO <= PT_VECTOR_REG(31);

        when "00100000" => DATAO <= PT_XOR_MASK_REG(0);
        when "00100001" => DATAO <= PT_XOR_MASK_REG(1);
        when "00100010" => DATAO <= PT_XOR_MASK_REG(2);
        when "00100011" => DATAO <= PT_XOR_MASK_REG(3);
        when "00100100" => DATAO <= PT_XOR_MASK_REG(4);
        when "00100101" => DATAO <= PT_XOR_MASK_REG(5);
        when "00100110" => DATAO <= PT_XOR_MASK_REG(6);
        when "00100111" => DATAO <= PT_XOR_MASK_REG(7);

        when "00101000" => DATAO <= CIPHER0(0);
        when "00101001" => DATAO <= CIPHER0(1);
        when "00101010" => DATAO <= CIPHER0(2);
        when "00101011" => DATAO <= CIPHER0(3);
        when "00101100" => DATAO <= CIPHER0(4);
        when "00101101" => DATAO <= CIPHER0(5);
        when "00101110" => DATAO <= CIPHER0(6);
        when "00101111" => DATAO <= CIPHER0(7);

        when "00110000" => DATAO <= CIPHER1(0);
        when "00110001" => DATAO <= CIPHER1(1);
        when "00110010" => DATAO <= CIPHER1(2);
        when "00110011" => DATAO <= CIPHER1(3);
        when "00110100" => DATAO <= CIPHER1(4);
        when "00110101" => DATAO <= CIPHER1(5);
        when "00110110" => DATAO <= CIPHER1(6);
        when "00110111" => DATAO <= CIPHER1(7);

        when "00111000" => DATAO <= PT_BYTE_MASK_REG;
        when "00111111" => DATAO <= "000" & BAA_EN &
                           AA_OUT_BAK & ALL_ACTIVE & SEARCH_INFO_REG(1 downto 0);

        when "01000111" => DATAO <= "000000" & SELECT_ONE(0) & SEARCH_IN(0);
        when "01001111" => DATAO <= "000000" & SELECT_ONE(1) & SEARCH_IN(1);
        when "01010111" => DATAO <= "000000" & SELECT_ONE(2) & SEARCH_IN(2);
        when "01011111" => DATAO <= "000000" & SELECT_ONE(3) & SEARCH_IN(3);
        when "01100111" => DATAO <= "000000" & SELECT_ONE(4) & SEARCH_IN(4);
        when "01101111" => DATAO <= "000000" & SELECT_ONE(5) & SEARCH_IN(5);
        when "01110111" => DATAO <= "000000" & SELECT_ONE(6) & SEARCH_IN(6);
        when "01111111" => DATAO <= "000000" & SELECT_ONE(7) & SEARCH_IN(7);
        when "10000111" => DATAO <= "000000" & SELECT_ONE(8) & SEARCH_IN(8);
        when "10001111" => DATAO <= "000000" & SELECT_ONE(9) & SEARCH_IN(9);
        when "10010111" => DATAO <= "000000" & SELECT_ONE(10) & SEARCH_IN(10);
        when "10011111" => DATAO <= "000000" & SELECT_ONE(11) & SEARCH_IN(11);
        when "10100111" => DATAO <= "000000" & SELECT_ONE(12) & SEARCH_IN(12);
        when "10101111" => DATAO <= "000000" & SELECT_ONE(13) & SEARCH_IN(13);
        when "10110111" => DATAO <= "000000" & SELECT_ONE(14) & SEARCH_IN(14);
        when "10111111" => DATAO <= "000000" & SELECT_ONE(15) & SEARCH_IN(15);
        when "11000111" => DATAO <= "000000" & SELECT_ONE(16) & SEARCH_IN(16);
        when "11001111" => DATAO <= "000000" & SELECT_ONE(17) & SEARCH_IN(17);
        when "11010111" => DATAO <= "000000" & SELECT_ONE(18) & SEARCH_IN(18);
        when "11011111" => DATAO <= "000000" & SELECT_ONE(19) & SEARCH_IN(19);
        when "11100111" => DATAO <= "000000" & SELECT_ONE(20) & SEARCH_IN(20);
        when "11101111" => DATAO <= "000000" & SELECT_ONE(21) & SEARCH_IN(21);
        when "11110111" => DATAO <= "000000" & SELECT_ONE(22) & SEARCH_IN(22);
        when "11111111" => DATAO <= "000000" & SELECT_ONE(23) & SEARCH_IN(23);
        when others     => DATAO <= (others => 'Z');
    end case;
else
    DATAO <= (others => 'Z');
end if;

end process READ_PR;
PT_VECTOR_PR: process(RST_N, WRB)
begin
if (RST_N = '0') then
    for i in 0 to 31 loop
        PT_VECTOR_REG(i) <= (others =>
    end loop;
    for i in 0 to 7 loop
        PT_XOR_MASK_REG(i) <= (others =
        CIPHER0(i) <= (others => '0');
        CIPHER1(i) <= (others => '0');
    end loop;
    PT_BYTE_MASK_REG <= (others =>
    SEARCH_INFO_REG <= (others =>
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN_BAK = '1') and (ADDSEL2 =   )) then
        case ADDR is
            when "00000000" => PT_VECTOR_REG(0)  <= DATAI;
            when "00000001" => PT_VECTOR_REG(1)  <= DATAI;
            when "00000010" => PT_VECTOR_REG(2)  <= DATAI;
            when "00000011" => PT_VECTOR_REG(3)  <= DATAI;
            when "00000100" => PT_VECTOR_REG(4)  <= DATAI;
            when "00000101" => PT_VECTOR_REG(5)  <= DATAI;
            when "00000110" => PT_VECTOR_REG(6)  <= DATAI;
            when "00000111" => PT_VECTOR_REG(7)  <= DATAI;
            when "00001000" => PT_VECTOR_REG(8)  <= DATAI;
            when "00001001" => PT_VECTOR_REG(9)  <= DATAI;
            when "00001010" => PT_VECTOR_REG(10) <= DATAI;
            when "00001011" => PT_VECTOR_REG(11) <= DATAI;
            when "00001100" => PT_VECTOR_REG(12) <= DATAI;
            when "00001101" => PT_VECTOR_REG(13) <= DATAI;
            when "00001110" => PT_VECTOR_REG(14) <= DATAI;
            when "00001111" => PT_VECTOR_REG(15) <= DATAI;
            when "00010000" => PT_VECTOR_REG(16) <= DATAI;
            when "00010001" => PT_VECTOR_REG(17) <= DATAI;
            when "00010010" => PT_VECTOR_REG(18) <= DATAI;
            when "00010011" => PT_VECTOR_REG(19) <= DATAI;
            when "00010100" => PT_VECTOR_REG(20) <= DATAI;
            when "00010101" => PT_VECTOR_REG(21) <= DATAI;
            when "00010110" => PT_VECTOR_REG(22) <= DATAI;
            when "00010111" => PT_VECTOR_REG(23) <= DATAI;
            when "00011000" => PT_VECTOR_REG(24) <= DATAI;
            when "00011001" => PT_VECTOR_REG(25) <= DATAI;
            when "00011010" => PT_VECTOR_REG(26) <= DATAI;
            when "00011011" => PT_VECTOR_REG(27) <= DATAI;
            when "00011100" => PT_VECTOR_REG(28) <= DATAI;
            when "00011101" => PT_VECTOR_REG(29) <= DATAI;
            when "00011110" => PT_VECTOR_REG(30) <= DATAI;
            when "00011111" => PT_VECTOR_REG(31) <= DATAI;

            when "00100000" => PT_XOR_MASK_REG(0) <= DATAI;
            when "00100001" => PT_XOR_MASK_REG(1) <= DATAI;
            when "00100010" => PT_XOR_MASK_REG(2) <= DATAI;
            when "00100011" => PT_XOR_MASK_REG(3) <= DATAI;
            when "00100100" => PT_XOR_MASK_REG(4) <= DATAI;
            when "00100101" => PT_XOR_MASK_REG(5) <= DATAI;
            when "00100110" => PT_XOR_MASK_REG(6) <= DATAI;
            when "00100111" => PT_XOR_MASK_REG(7) <= DATAI;

            when "00101000" => CIPHER0(0) <= DATAI;
            when "00101001" => CIPHER0(1) <= DATAI;
            when "00101010" => CIPHER0(2) <= DATAI;
            when "00101011" => CIPHER0(3) <= DATAI;
            when "00101100" => CIPHER0(4) <= DATAI;
            when "00101101" => CIPHER0(5) <= DATAI;
            when "00101110" => CIPHER0(6) <= DATAI;
            when "00101111" => CIPHER0(7) <= DATAI;

            when "00110000" => CIPHER1(0) <= DATAI;
            when "00110001" => CIPHER1(1) <= DATAI;
            when "00110010" => CIPHER1(2) <= DATAI;
            when "00110011" => CIPHER1(3) <= DATAI;
            when "00110100" => CIPHER1(4) <= DATAI;
            when "00110101" => CIPHER1(5) <= DATAI;
            when "00110110" => CIPHER1(6) <= DATAI;
            when "00110111" => CIPHER1(7) <= DATAI;

            when "00111000" => PT_BYTE_MASK_REG <= DATAI;
            when "00111111" => SEARCH_INFO_REG  <= DATAI;

            when others => null;
        end case;
    end if;
end if;
end process PT_VECTOR_PR;
PT_VECTOR <= PT_VECTOR_REG(31) & PT_VECTOR_REG(30) & PT_VECTOR_REG(29) & PT_VECTOR_REG(28) &
             PT_VECTOR_REG(27) & PT_VECTOR_REG(26) & PT_VECTOR_REG(25) & PT_VECTOR_REG(24) &
             PT_VECTOR_REG(23) & PT_VECTOR_REG(22) & PT_VECTOR_REG(21) & PT_VECTOR_REG(20) &
             PT_VECTOR_REG(19) & PT_VECTOR_REG(18) & PT_VECTOR_REG(17) & PT_VECTOR_REG(16) &
             PT_VECTOR_REG(15) & PT_VECTOR_REG(14) & PT_VECTOR_REG(13) & PT_VECTOR_REG(12) &
             PT_VECTOR_REG(11) & PT_VECTOR_REG(10) & PT_VECTOR_REG(9)  & PT_VECTOR_REG(8)  &
             PT_VECTOR_REG(7)  & PT_VECTOR_REG(6)  & PT_VECTOR_REG(5)  & PT_VECTOR_REG(4)  &
             PT_VECTOR_REG(3)  & PT_VECTOR_REG(2)  & PT_VECTOR_REG(1)  & PT_VECTOR_REG(0);

PT_XOR_MASK <= PT_XOR_MASK_REG(7) & PT_XOR_MASK_REG(6) & PT_XOR_MASK_REG(5) & PT_XOR_MASK_REG(4) &
               PT_XOR_MASK_REG(3) & PT_XOR_MASK_REG(2) & PT_XOR_MASK_REG(1) & PT_XOR_MASK_REG(0);

C1 <= CIPHER1(7) & CIPHER1(6) & CIPHER1(5) & CIPHER1(4) &
      CIPHER1(3) & CIPHER1(2) & CIPHER1(1) & CIPHER1(0);
C0 <= CIPHER0(7) & CIPHER0(6) & CIPHER0(5) & CIPHER0(4) &
      CIPHER0(3) & CIPHER0(2) & CIPHER0(1) & CIPHER0(0);

PT_BYTE_MASK <= PT_BYTE_MASK_REG;
USE_CBC      <= SEARCH_INFO_REG(0);
EXTRA_XOR    <= SEARCH_INFO_REG(1);
BAA_EN       <= SEARCH_INFO_REG(4);
AA_OUT_BAK   <= AA_IN and ALL_ACTIVE when (BAA_EN = '1') else AA_IN;
AA_OUT       <= AA_OUT_BAK;

ALL_ACTIVE   <= (SEARCH_OUT(23) and SEARCH_OUT(22) and SEARCH_OUT(21) and SEARCH_OUT(20) and
                 SEARCH_OUT(19) and SEARCH_OUT(18) and SEARCH_OUT(17) and SEARCH_OUT(16) and
                 SEARCH_OUT(15) and SEARCH_OUT(14) and SEARCH_OUT(13) and SEARCH_OUT(12) and
                 SEARCH_OUT(11) and SEARCH_OUT(10) and SEARCH_OUT(9)  and SEARCH_OUT(8)  and
                 SEARCH_OUT(7)  and SEARCH_OUT(6)  and SEARCH_OUT(5)  and SEARCH_OUT(4)  and
                 SEARCH_OUT(3)  and SEARCH_OUT(2)  and SEARCH_OUT(1)  and SEARCH_OUT(0));
CHIP_AA_OUT  <= ALL_ACTIVE;
CHIP_EN      <= CHIP_EN_BAK;

end beh;


-- Author       : Tom Vu
-- Date         : 10/02/97
-- Descriptions : Create table for Lookup values of S function
-- Functions    : 6 inputs are used to lookup in the table and produce
--                4 outputs. There are a total of 8 tables

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;
use ieee.std_logic_arith.conv_std_logic_vector;

entity S_TABLE is
port( KEY   : in  std_logic_vector(47 downto 0);
      S_OUT : out std_logic_vector(31 downto 0)
      );
end S_TABLE;

architecture beh of S_TABLE is

subtype small_integer is INTEGER range 0 to 15;
type TABLE_TYPE is array(0 to 63) of small_integer;

signal S1 : TABLE_TYPE;
signal S2 : TABLE_TYPE;
signal S3 : TABLE_TYPE;
signal S4 : TABLE_TYPE;
signal S5 : TABLE_TYPE;
signal S6 : TABLE_TYPE;
signal S7 : TABLE_TYPE;
signal S8 : TABLE_TYPE;

function lookup(signal table: in TABLE_TYPE;
                signal key: in std_logic_vector(5 downto 0))
    return std_logic_vector is

variable row    : std_logic_vector(3 downto 0);
variable col    : std_logic_vector(1 downto 0);
variable addr   : std_logic_vector(5 downto 0);
variable index  : integer;
variable result : std_logic_vector(3 downto 0);
begin
    col := key(5) & key(0);
    row := key(4 downto 1);
    addr := col & row;
    index := CONV_INTEGER(key);
    result := CONV_STD_LOGIC_VECTOR(table(index),4);
    return result;
end lookup;

begin

S1 <= (13, 1, 2,15, 8,13, 4, 8, 6,10,15, 3,11, 7, 1, 4,
       10,12, 9, 5, 3, 6,14,11, 5, 0, 0,14,12, 9, 7, 2,
        7, 2,11, 1, 4,14, 1, 7, 9, 4,12,10,14, 8, 2,13,
        0,15, 6,12,10, 9,13, 0,15, 3, 3, 5, 5, 6, 8,11);

S2 <= ( 4,13,11, 0, 2,11,14, 7,15, 4, 0, 9, 8, 1,13,10,
        3,14,12, 3, 9, 5, 7,12, 5, 2,10,15, 6, 8, 1, 6,
        1, 6, 4,11,11,13,13, 8,12, 1, 3, 4, 7,10,14, 7,
       10, 9,15, 5, 6, 0, 8,15, 0,14, 5, 2, 9, 3, 2,12);

S3 <= (12,10, 1,15,10, 4,15, 2, 9, 7, 2,12, 6, 9, 8, 5,
        0, 6,13, 1, 3,13, 4,14,14, 0, 7,11, 5, 3,11, 8,
        9, 4,14, 3,15, 2, 5,12, 2, 9, 8, 5,12,15, 3,10,
        7,11, 0,14, 4, 1,10, 7, 1, 6,13, 0,11, 8, 6,13);

S4 <= ( 2,14,12,11, 4, 2, 1,12, 7, 4,10, 7,11,13, 6, 1,
        8, 5, 5, 0, 3,15,15,10,13, 3, 0, 9,14, 8, 9, 6,
        4,11, 2, 8, 1,12,11, 7,10, 1,13,14, 7, 2, 8,13,
       15, 6, 9,15,12, 0, 5, 9, 6,10, 3, 4, 0, 5,14, 3);

S5 <= ( 7,13,13, 8,14,11, 3, 5, 0, 6, 6,15, 9, 0,10, 3,
        1, 4, 2, 7, 8, 2, 5,12,11, 1,12,10, 4,14,15, 9,
       10, 3, 6,15, 9, 0, 0, 6,12,10,11, 1, 7,13,13, 8,
       15, 9, 1, 4, 3, 5,14,11, 5,12, 2, 7, 8, 2, 4,14);

S6 <= (10,13, 0, 7, 9, 0,14, 9, 6, 3, 3, 4,15, 6, 5,10,
        1, 2,13, 8,12, 5, 7,14,11,12, 4,11, 2,15, 8, 1,
       13, 1, 6,10, 4,13, 9, 0, 8, 6,15, 9, 3, 8, 0, 7,
       11, 4, 1,15, 2,14,12, 3, 5,11,10, 5,14, 2, 7,12);

S7 <= (15, 3, 1,13, 8, 4,14, 7, 6,15,11, 2, 3, 8, 4,14,
        9,12, 7, 0, 2, 1,13,10,12, 6, 0, 9, 5,11,10, 5,
        0,13,14, 8, 7,10,11, 1,10, 3, 4,15,13, 4, 1, 2,
        5,11, 8, 6,12, 7, 6,12, 9, 0, 3, 5, 2,14,15, 9);

S8 <= (14, 0, 4,15,13, 7, 1, 4, 2,14,15, 2,11,13, 8, 1,
        3,10,10, 6, 6,12,12,11, 5, 9, 9, 5, 0, 3, 7, 8,
        4,15, 1,12,14, 8, 8, 2,13, 4, 6, 9, 2, 1,11, 7,
       15, 5,12,11, 9, 3, 7,14, 3,10,10, 0, 5, 6, 0,13);

S_OUT <= lookup(S8,KEY(47 downto 42)) &
         lookup(S7,KEY(41 downto 36)) &
         lookup(S6,KEY(35 downto 30)) &
         lookup(S5,KEY(29 downto 24)) &
         lookup(S4,KEY(23 downto 18)) &
         lookup(S3,KEY(17 downto 12)) &
         lookup(S2,KEY(11 downto 6)) &
         lookup(S1,KEY(5 downto 0));

end beh;
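The S_TABLE listing stores each S-box as a flat 64-entry table indexed directly by the 6-bit input (CONV_INTEGER(key)), so its rows interleave the rows of the standard 4 x 16 layout, and its S8 and S1 carry the values of the standard's S1 and S8. The following Python cross-check is an added example, not part of the book's listing; the FIPS tables are typed in from the DES standard, and the function names and the DROPPED sample are constructed for illustration.

```python
"""Cross-check the S_TABLE table ordering against the standard DES S-box layout."""

# DES standard (FIPS 46) S-boxes S1 and S8: 4 rows of 16 columns.
FIPS_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]
FIPS_S8 = [
    [13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7],
    [1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2],
    [7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8],
    [2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11],
]

# Flat tables as they appear in the listing (signals S8 and S1).
LISTING_S8 = [
    14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
    3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
    4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
    15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13,
]
LISTING_S1 = [
    13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4,
    10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2,
    7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13,
    0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11,
]

# Constructed sample: a transcription that lost one entry, as a damaged scan can.
DROPPED = LISTING_S8[:3] + LISTING_S8[4:]


def row_of(six_bits):
    """Row selector of the standard layout: the two outer bits b5 and b0."""
    return ((six_bits >> 5) & 1) << 1 | (six_bits & 1)


def fips_lookup(box, six_bits):
    """Standard lookup: outer bits pick the row, inner bits b4..b1 the column."""
    return box[row_of(six_bits)][(six_bits >> 1) & 0xF]


def flatten(box):
    """Reorder a 4x16 box so entry i is the output for raw 6-bit input i."""
    return [fips_lookup(box, i) for i in range(64)]


def mismatches(flat, box):
    """Indexes at which a flat table disagrees with (or is shorter than) the standard."""
    return [i for i in range(64)
            if i >= len(flat) or flat[i] != fips_lookup(box, i)]


def rows_are_permutations(flat):
    """Reference-free check: every S-box row must contain 0..15 exactly once."""
    if len(flat) != 64:
        return False
    for row in range(4):
        values = [flat[i] for i in range(64) if row_of(i) == row]
        if sorted(values) != list(range(16)):
            return False
    return True


if __name__ == "__main__":
    print("listing S8 == FIPS S1:", flatten(FIPS_S1) == LISTING_S8)
    print("listing S1 == FIPS S8:", flatten(FIPS_S8) == LISTING_S1)
    print("first bad index in damaged copy:", mismatches(DROPPED, FIPS_S1)[0])
```

The permutation check needs no reference table, which makes it a quick way to catch a dropped or misread entry when retyping tables from a scan.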


-- Author       : Tom Vu
-- Date         : 09/07/97
-- Descriptions : Search Unit

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;

entity SEARCH_UNIT is
port(
    CLK          : in  std_logic;
    RST_N        : in  std_logic;
    WRB          : in  std_logic;
    RDB          : in  std_logic;
    SEARCH       : in  std_logic;
    EXTRA_XOR    : in  std_logic;
    USE_CBC      : in  std_logic;
    ADDR_KEY     : in  std_logic_vector(6 downto 0);

    DATAI        : in  std_logic_vector(7 downto 0);
    PT_BYTE_MASK : in  std_logic_vector(7 downto 0);
    PT_XOR_MASK  : in  std_logic_vector(63 downto 0);
    PT_VECTOR    : in  std_logic_vector(255 downto 0);
    C0           : in  std_logic_vector(63 downto 0);
    C1           : in  std_logic_vector(63 downto 0);
    KEY_OUT      : out std_logic_vector(55 downto 0);
    DES_OUTPUT   : out std_logic_vector(63 downto 0);
    MATCH_OUT    : out std_logic;
    SELECT_ONE   : out std_logic;
    SEARCH_OUT   : out std_logic;
    CLEAR_SEARCH : out std_logic;
    DATAO        : out std_logic_vector(7 downto 0)
    );
end SEARCH_UNIT;

architecture beh of SEARCH_UNIT is

type DATA8_ARRAY is array(7 downto 0) of std_logic_vector(7 downto 0);

signal MESSAGE          : std_logic_vector(63 downto 0);
signal IP_KEY           : std_logic_vector(63 downto 0);
signal DES_OUT          : std_logic_vector(63 downto 0);
signal EXTRA_XOR_OUT    : std_logic_vector(63 downto 0);
signal SHIFT_REG        : DATA8_ARRAY;
signal KEY              : std_logic_vector(55 downto 0);
signal D_KEY            : std_logic_vector(31 downto 0);
signal MESG_LEFT        : std_logic_vector(31 downto 0);
signal CNT              : std_logic_vector(4 downto 0);
signal BIT_SHIFT_REG    : std_logic_vector(7 downto 0);
signal TEMP_VECTOR      : std_logic_vector(3 downto 0);
signal WR1B             : std_logic;
signal WR_STROBEB       : std_logic;
signal DONE             : std_logic;
signal STARTDES         : std_logic;
signal MATCH            : std_logic;
signal MATCH_DLY_CYCLE1 : std_logic;
signal MATCH_DLY_CYCLE2 : std_logic;
signal FALSE_MATCH      : std_logic;
signal SEARCH_DLY1      : std_logic;
signal SEARCH_DLY2      : std_logic;
signal SEARCH_DLY3      : std_logic;
signal SEARCHING        : std_logic;
signal SEARCHING_DLY    : std_logic;
signal LOAD             : std_logic;
signal FIRST_TIME1      : std_logic;
signal FIRST_TIME2      : std_logic;
signal FIRST_LOAD       : std_logic;
signal SELECT1          : std_logic;
signal SELECT1_DLY      : std_logic;
signal KEY_ODD_DLY1     : std_logic_vector(1 downto 0);
signal KEY_ODD_DLY2     : std_logic_vector(1 downto 0);
signal CHECK_SAME_KEY   : std_logic;
signal KEY_INCR         : std_logic;
signal KEY_DECR         : std_logic;
signal PRE_DONE         : std_logic;
signal CNT_EQ_1         : std_logic;
signal CNT_GT_10        : std_logic;
signal CNT_EQ_10        : std_logic;
signal CNT_LE_10        : std_logic;
signal FIRST_DES        : std_logic;
signal RESET_SEARCHING  : std_logic;
signal CLEAR_SEARCH_BAK : std_logic;

signal EXTRA_SELECT     : std_logic_vector(2 downto 0);
signal BIT_MUX          : std_logic;

component DES
port( CLK     : in  std_logic;
      RST_N   : in  std_logic;
      START   : in  std_logic;
      MESSAGE : in  std_logic_vector(63 downto 0);
      KEY     : in  std_logic_vector(55 downto 0);
      DONE    : out std_logic;
      CNT     : out std_logic_vector(4 downto 0);
      DES_OUT : out std_logic_vector(63 downto 0)
      );
end component;

component MUX256
port( SHIFT_OUT : in  std_logic_vector(7 downto 0);
      PT_VECTOR : in  std_logic_vector(255 downto 0);
      BIT_MUX   : out std_logic
      );
end component;

begin

M256: MUX256
port map( SHIFT_OUT => SHIFT_REG(7),
          PT_VECTOR => PT_VECTOR,
          BIT_MUX   => BIT_MUX
          );

DES1: DES
port map( CLK     => CLK,
          RST_N   => RST_N,
          START   => STARTDES,
          MESSAGE => MESSAGE,
          KEY     => KEY,
          DONE    => DONE,
          CNT     => CNT,
          DES_OUT => DES_OUT
          );

MESSAGE <= C0 when (SELECT1 =   ) else C1;

PCSETSEARCH_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    FIRST_TIME1 <=
    FIRST_TIME2 <=
    SEARCH_DLY1 <=
    SEARCH_DLY2 <=
    SEARCH_DLY3 <=
    for i in 0 to 7 loop
        SHIFT_REG(i) <= (others
    end loop;
elsif CLK'event and CLK = '1' then
    FIRST_TIME2 <= FIRST_TIME1;
    if (DONE = '1') then
        if (SEARCH = '1') then
            FIRST_TIME1 <= '1';
        end if;
        SEARCH_DLY1 <= SEARCH;
        SEARCH_DLY2 <= SEARCH_DLY1;
        SEARCH_DLY3 <= SEARCH_DLY2;
    end if;
    if (CNT_EQ_1 = '1') then
        SHIFT_REG(7) <= EXTRA_XOR_OUT(63 downto 56);
        SHIFT_REG(6) <= EXTRA_XOR_OUT(55 downto 48);
        SHIFT_REG(5) <= EXTRA_XOR_OUT(47 downto 40);
        SHIFT_REG(4) <= EXTRA_XOR_OUT(39 downto 32);
        SHIFT_REG(3) <= EXTRA_XOR_OUT(31 downto 24);
        SHIFT_REG(2) <= EXTRA_XOR_OUT(23 downto 16);
        SHIFT_REG(1) <= EXTRA_XOR_OUT(15 downto 8);
        SHIFT_REG(0) <= EXTRA_XOR_OUT(7 downto 0);
    else
        for i in 0 to 6 loop
            SHIFT_REG(i+1) <= SHIFT_REG(i);
        end loop;
    end if;
end if;
end process PCSETSEARCH_PR;


-- Use to clear away invalid matches before PC loads
FIRST_LOAD <= FIRST_TIME1 and not(FIRST_TIME2);

BIT_SHIFT_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    BIT_SHIFT_REG <= (others => '1');
elsif CLK'event and CLK = '1' then
    -- SHIFT
    if (CNT_LE_10 = '1') then
        for i in 0 to 6 loop
            BIT_SHIFT_REG(i+1) <= BIT_SHIFT_REG(i);
        end loop;
        BIT_SHIFT_REG(0) <= BIT_MUX;
    end if;
end if;
end process BIT_SHIFT_PR;

MATCH_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    MATCH <= '0';
    MATCH_DLY_CYCLE1 <=
    MATCH_DLY_CYCLE2 <=
    KEY_ODD_DLY1 <=
    KEY_ODD_DLY2 <=
elsif CLK'event and CLK = '1' then
    if (CNT = 10) then
        if ( (BIT_SHIFT_REG(0) = '1' or (PT_BYTE_MASK(0) = '1')) and
             (BIT_SHIFT_REG(1) = '1' or (PT_BYTE_MASK(1) = '1')) and
             (BIT_SHIFT_REG(2) = '1' or (PT_BYTE_MASK(2) = '1')) and
             (BIT_SHIFT_REG(3) = '1' or (PT_BYTE_MASK(3) = '1')) and
             (BIT_SHIFT_REG(4) = '1' or (PT_BYTE_MASK(4) = '1')) and
             (BIT_SHIFT_REG(5) = '1' or (PT_BYTE_MASK(5) = '1')) and
             (BIT_SHIFT_REG(6) = '1' or (PT_BYTE_MASK(6) = '1')) and
             (BIT_SHIFT_REG(7) = '1' or (PT_BYTE_MASK(7) = '1')) ) then
            MATCH <=
        else
            MATCH <=
        end if;
    end if;

    if (FIRST_LOAD = '1') then
        MATCH <=
    end if;

    if (CNT = 10) then
        MATCH_DLY_CYCLE2 <= MATCH_DLY_CYCLE1;
        MATCH_DLY_CYCLE1 <= MATCH;
    end if;

    if (PRE_DONE = '1') then
        KEY_ODD_DLY2 <= KEY_ODD_DLY1;
        KEY_ODD_DLY1 <= KEY(1 downto 0);
    end if;
end if;
end process MATCH_PR;


WRITE_STROBE_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    WR1B <= '1';
    WR_STROBEB <= '1';
elsif CLK'event and CLK = '1' then
    WR_STROBEB <= WR1B;
    WR1B <= WRB;
end if;
end process WRITE_STROBE_PR;

KEY_PR: process(RST_N,CLK)
begin
if (RST_N = '0') then
    KEY <= (others => '0');
elsif CLK'event and CLK = '1' then
    if (WR1B = '0' and ADDR_KEY(0) = '1') then
        KEY(7 downto 0) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(7 downto 0) <= D_KEY(7 downto 0);
    end if;

    if (WR1B = '0' and ADDR_KEY(1) = '1') then
        KEY(15 downto 8) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(15 downto 8) <= D_KEY(15 downto 8);
    end if;

    if (WR1B = '0' and ADDR_KEY(2) = '1') then
        KEY(23 downto 16) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(23 downto 16) <= D_KEY(23 downto 16);
    end if;

    if (WR1B = '0' and ADDR_KEY(3) = '1') then
        KEY(31 downto 24) <= DATAI;
    elsif (PRE_DONE = '1') then
        KEY(31 downto 24) <= D_KEY(31 downto 24);
    end if;

    if (WR1B = '0' and ADDR_KEY(4) = '1') then
        KEY(39 downto 32) <= DATAI;
    end if;

    if (WR1B = '0' and ADDR_KEY(5) = '1') then
        KEY(47 downto 40) <= DATAI;
    end if;

    if (WR1B = '0' and ADDR_KEY(6) = '1') then
        KEY(55 downto 48) <= DATAI;
    end if;
end if;
end process KEY_PR;

READ_KEY_PR: process(ADDR_KEY, RDB, KEY)
begin
if (RDB = '0') then
    if (ADDR_KEY(0) = '1') then
        DATAO <= KEY(7 downto 0);
    elsif (ADDR_KEY(1) = '1') then
        DATAO <= KEY(15 downto 8);
    elsif (ADDR_KEY(2) = '1') then
        DATAO <= KEY(23 downto 16);
    elsif (ADDR_KEY(3) = '1') then
        DATAO <= KEY(31 downto 24);
    elsif (ADDR_KEY(4) = '1') then
        DATAO <= KEY(39 downto 32);
    elsif (ADDR_KEY(5) = '1') then
        DATAO <= KEY(47 downto 40);
    elsif (ADDR_KEY(6) = '1') then
        DATAO <= KEY(55 downto 48);
    else
        DATAO <= (others => 'Z');
    end if;
else
    DATAO <= (others => 'Z');
end if;
end process READ_KEY_PR;

KEY_ALU_PR: process(KEY_DECR,KEY_INCR,KEY)
begin
if (KEY_INCR = '1') and (KEY_DECR = '0') then
    D_KEY <= KEY(31 downto 0) + 1;
elsif (KEY_DECR = '1') and (KEY_INCR = '0') then
    D_KEY <= KEY(31 downto 0) - 1;
else
    D_KEY <= KEY(31 downto 0);
end if;
end process KEY_ALU_PR;

EXTRA_XOR_PR: process(PT_XOR_MASK,EXTRA_SELECT,DES_OUT,C0)
begin
case EXTRA_SELECT is
    when "000" =>
        EXTRA_XOR_OUT <= DES_OUT xor PT_XOR_MASK;
    when "001" =>
        EXTRA_XOR_OUT <= DES_OUT xor PT_XOR_MASK;
    when "010" =>
        EXTRA_XOR_OUT <= ((DES_OUT(63 downto 56) xor DES_OUT(31 downto 24)) &
                          (DES_OUT(55 downto 48) xor DES_OUT(23 downto 16)) &
                          (DES_OUT(47 downto 40) xor DES_OUT(15 downto 8)) &
                          (DES_OUT(39 downto 32) xor DES_OUT(7 downto 0)) &
                          DES_OUT(31 downto 0)) xor PT_XOR_MASK;

    when "101" =>
        EXTRA_XOR_OUT <= DES_OUT xor C0;
    when "110" =>
        EXTRA_XOR_OUT <= (DES_OUT(63 downto 56) xor DES_OUT(31 downto 24)) &
                         (DES_OUT(55 downto 48) xor DES_OUT(23 downto 16)) &
                         (DES_OUT(47 downto 40) xor DES_OUT(15 downto 8)) &
                         (DES_OUT(39 downto 32) xor DES_OUT(7 downto 0)) &
                         DES_OUT(31 downto 0);

    when others =>
        EXTRA_XOR_OUT <= DES_OUT;

end case;
end process EXTRA_XOR_PR;
EXTRA_SELECT <= SELECT1_DLY & EXTRA_XOR & USE_CBC;
-- EXTRA_SELECT <= SELECT1 & EXTRA_XOR & USE_CBC;

STARTDES_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    STARTDES <= '0';
elsif CLK'event and CLK = '1' then
    -- STARTDES <= DONE or LOAD;     -- 17 clocks
    STARTDES <= PRE_DONE or LOAD;    -- 16 clocks
end if;
end process STARTDES_PR;

KEY_INCR_DECR_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    KEY_INCR <= '0';
    KEY_DECR <= '0';
elsif CLK'event and CLK = '1' then
    KEY_INCR <= (CNT_GT_10 and not(DONE) and SEARCHING_DLY) and (
                 not(MATCH) or    -- normal case
                 SELECT1 or       -- false match
                 FIRST_DES);
    KEY_DECR <= (CNT_GT_10 and not(DONE) and SEARCHING_DLY) and    -- timing
                (MATCH and not(SELECT1))    -- only backup if match on C0
                and not(FIRST_DES);
end if;
end process KEY_INCR_DECR_PR;

FALSE_MATCH <= '1' when (MATCH_DLY_CYCLE2 = '1') and (MATCH = '0') and (SEARCHING_DLY = '1')
               else '0';

-- timing block, sensitive to START

PRE_DONE <= '1' when (CNT = "01111") else '0';
RESET_SEARCHING <= '1' when (CNT = "01100") else '0';

CNT_EQ_1  <= '1' when (CNT = 1) else
CNT_LE_10 <= '1' when (CNT > 1 and CNT < 10) else
CNT_EQ_10 <= '1' when (CNT = 10) else
CNT_GT_10 <= '1' when (CNT > 10) else

SEARCHING_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    SEARCHING <= '0';
    SEARCHING_DLY <= '0';
    CLEAR_SEARCH <= '0';
elsif CLK'event and CLK = '1' then
    SEARCHING_DLY <= SEARCHING;

    -- search active
    if ((LOAD = '1') or (SEARCHING = '1')) then
        SEARCHING <= '1';
    end if;

    -- found C1
    if (CLEAR_SEARCH_BAK = '1') then
        SEARCHING <=
    end if;

    CLEAR_SEARCH <= CLEAR_SEARCH_BAK;
end if;
end process SEARCHING_PR;

CHECK_SAME_KEY <=     when (KEY(1 downto 0) = KEY_ODD_DLY2) else

SELECT1_PR: process(RST_N,CLK)
begin
if RST_N = '0' then
    SELECT1 <= '1';
elsif CLK'event and CLK = '1' then

    -- found C0, look for C1
    if ((MATCH = '1') and (SELECT1 = '0') and (PRE_DONE = '1')) then
        SELECT1 <= '1';
    end if;

    -- Restart by PC or C1 is not a match
    if (LOAD = '1') or
       ((SELECT1 = '1') and (PRE_DONE = '1') and (SEARCHING_DLY = '1')) then
        SELECT1 <= '0';
    end if;

    if (PRE_DONE = '1') then
        SELECT1_DLY <= SELECT1;
    end if;
end if;
end process SELECT1_PR;

SEARCH_OUT <= SEARCHING;
LOAD       <= SEARCH_DLY1 and PRE_DONE and not(SEARCH_DLY2);    -- 17 clocks
FIRST_DES  <= SEARCH_DLY2 and not(SEARCH_DLY3);
CLEAR_SEARCH_BAK <=
    '1' when ((MATCH = '1') and (SELECT1 = '0')
              and (SELECT1_DLY = '1') and (RESET_SEARCHING = '1')
              and (SEARCHING = '1')) else '0';

SELECT_ONE <= SELECT1;
KEY_OUT    <= KEY;
DES_OUTPUT <= DES_OUT;
MATCH_OUT  <= MATCH;

end beh;


Author  

Date  

Description> 


•  Tom  Vu  •  •  • 
•09/19/97  • 
• UProcessor 


interface 


Library  ieee; 

use  IEEE.  std-Logi c-1164.aL I; 
use  IEEE.std-Logic-arith.aLL; 
use  I  EEE  .  s td- Logi c-uns i gned . a L L 


entity START_REG is
port(
    RST_N        : in  std_logic;
    CHIP_EN      : in  std_logic;
    WRB          : in  std_logic;
    ADDSEL2      : in  std_logic;
    ADDR         : in  std_logic_vector(7 downto 0);
    CLEAR_SEARCH : in  std_logic_vector(23 downto 0);
    SEARCH_IN    : out std_logic_vector(23 downto 0);
    DATAI        : in  std_logic_vector(7 downto 0)
    );
end START_REG;


architecture beh of START_REG is

signal SEARCH_IN_REG   : std_logic_vector(23 downto 0);
signal SEARCH_RST_N_0  : std_logic;
signal SEARCH_RST_N_1  : std_logic;
signal SEARCH_RST_N_2  : std_logic;
signal SEARCH_RST_N_3  : std_logic;
signal SEARCH_RST_N_4  : std_logic;
signal SEARCH_RST_N_5  : std_logic;
signal SEARCH_RST_N_6  : std_logic;
signal SEARCH_RST_N_7  : std_logic;
signal SEARCH_RST_N_8  : std_logic;
signal SEARCH_RST_N_9  : std_logic;
signal SEARCH_RST_N_10 : std_logic;
signal SEARCH_RST_N_11 : std_logic;
signal SEARCH_RST_N_12 : std_logic;
signal SEARCH_RST_N_13 : std_logic;
signal SEARCH_RST_N_14 : std_logic;
signal SEARCH_RST_N_15 : std_logic;
signal SEARCH_RST_N_16 : std_logic;
signal SEARCH_RST_N_17 : std_logic;
signal SEARCH_RST_N_18 : std_logic;
signal SEARCH_RST_N_19 : std_logic;
signal SEARCH_RST_N_20 : std_logic;
signal SEARCH_RST_N_21 : std_logic;
signal SEARCH_RST_N_22 : std_logic;
signal SEARCH_RST_N_23 : std_logic;

begin


SEARCH_IN0_PR: process(SEARCH_RST_N_0, WRB)
begin
if (SEARCH_RST_N_0 = '0') then
    SEARCH_IN_REG(0) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR  111")) then
        SEARCH_IN_REG(0) <= DATAI(0);
    else
        SEARCH_IN_REG(0) <= SEARCH_IN_REG(0);
    end if;
end if;
end process SEARCH_IN0_PR;

SEARCH_IN1_PR: process(SEARCH_RST_N_1, WRB)
begin
if (SEARCH_RST_N_1 = '0') then
    SEARCH_IN_REG(1) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01001111")) then
        SEARCH_IN_REG(1) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN1_PR;

SEARCH_IN2_PR: process(SEARCH_RST_N_2, WRB)
begin
if (SEARCH_RST_N_2 = '0') then
    SEARCH_IN_REG(2) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01010111")) then
        SEARCH_IN_REG(2) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN2_PR;

SEARCH_IN3_PR: process(SEARCH_RST_N_3, WRB)
begin
if (SEARCH_RST_N_3 = '0') then
    SEARCH_IN_REG(3) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01011111")) then
        SEARCH_IN_REG(3) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN3_PR;

SEARCH_IN4_PR: process(SEARCH_RST_N_4, WRB)
begin
if (SEARCH_RST_N_4 = '0') then
    SEARCH_IN_REG(4) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01100111")) then
        SEARCH_IN_REG(4) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN4_PR;

SEARCH_IN5_PR: process(SEARCH_RST_N_5, WRB)
begin
if (SEARCH_RST_N_5 = '0') then
    SEARCH_IN_REG(5) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01101111")) then
        SEARCH_IN_REG(5) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN5_PR;

SEARCH_IN6_PR: process(SEARCH_RST_N_6, WRB)
begin
if (SEARCH_RST_N_6 = '0') then
    SEARCH_IN_REG(6) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01110111")) then
        SEARCH_IN_REG(6) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN6_PR;

SEARCH_IN7_PR: process(SEARCH_RST_N_7, WRB)
begin
if (SEARCH_RST_N_7 = '0') then
    SEARCH_IN_REG(7) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "01111111")) then
        SEARCH_IN_REG(7) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN7_PR;

SEARCH_IN8_PR: process(SEARCH_RST_N_8, WRB)
begin
if (SEARCH_RST_N_8 = '0') then
    SEARCH_IN_REG(8) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10000111")) then
        SEARCH_IN_REG(8) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN8_PR;

SEARCH_IN9_PR: process(SEARCH_RST_N_9, WRB)
begin
if (SEARCH_RST_N_9 = '0') then
    SEARCH_IN_REG(9) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10001111")) then
        SEARCH_IN_REG(9) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN9_PR;

SEARCH_IN10_PR: process(SEARCH_RST_N_10, WRB)
begin
if (SEARCH_RST_N_10 = '0') then
    SEARCH_IN_REG(10) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10010111")) then
        SEARCH_IN_REG(10) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN10_PR;

SEARCH_IN11_PR: process(SEARCH_RST_N_11, WRB)
begin
if (SEARCH_RST_N_11 = '0') then
    SEARCH_IN_REG(11) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10011111")) then
        SEARCH_IN_REG(11) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN11_PR;

SEARCH_IN12_PR: process(SEARCH_RST_N_12, WRB)
begin
if (SEARCH_RST_N_12 = '0') then
    SEARCH_IN_REG(12) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10100111")) then
        SEARCH_IN_REG(12) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN12_PR;

SEARCH_IN13_PR: process(SEARCH_RST_N_13, WRB)
begin
if (SEARCH_RST_N_13 = '0') then
    SEARCH_IN_REG(13) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10101111")) then
        SEARCH_IN_REG(13) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN13_PR;

SEARCH_IN14_PR: process(SEARCH_RST_N_14, WRB)
begin
if (SEARCH_RST_N_14 = '0') then
    SEARCH_IN_REG(14) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10110111")) then
        SEARCH_IN_REG(14) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN14_PR;

SEARCH_IN15_PR: process(SEARCH_RST_N_15, WRB)
begin
if (SEARCH_RST_N_15 = '0') then
    SEARCH_IN_REG(15) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "10111111")) then
        SEARCH_IN_REG(15) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN15_PR;

SEARCH_IN16_PR: process(SEARCH_RST_N_16, WRB)
begin
if (SEARCH_RST_N_16 = '0') then
    SEARCH_IN_REG(16) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11000111")) then
        SEARCH_IN_REG(16) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN16_PR;

SEARCH_IN17_PR: process(SEARCH_RST_N_17, WRB)
begin
if (SEARCH_RST_N_17 = '0') then
    SEARCH_IN_REG(17) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11001111")) then
        SEARCH_IN_REG(17) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN17_PR;

SEARCH_IN18_PR: process(SEARCH_RST_N_18, WRB)
begin
if (SEARCH_RST_N_18 = '0') then
    SEARCH_IN_REG(18) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11010111")) then
        SEARCH_IN_REG(18) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN18_PR;

SEARCH_IN19_PR: process(SEARCH_RST_N_19, WRB)
begin
if (SEARCH_RST_N_19 = '0') then
    SEARCH_IN_REG(19) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11011111")) then
        SEARCH_IN_REG(19) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN19_PR;

SEARCH_IN20_PR: process(SEARCH_RST_N_20, WRB)
begin
if (SEARCH_RST_N_20 = '0') then
    SEARCH_IN_REG(20) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11100111")) then
        SEARCH_IN_REG(20) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN20_PR;

SEARCH_IN21_PR: process(SEARCH_RST_N_21, WRB)
begin
if (SEARCH_RST_N_21 = '0') then
    SEARCH_IN_REG(21) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11101111")) then
        SEARCH_IN_REG(21) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN21_PR;

SEARCH_IN22_PR: process(SEARCH_RST_N_22, WRB)
begin
if (SEARCH_RST_N_22 = '0') then
    SEARCH_IN_REG(22) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11110111")) then
        SEARCH_IN_REG(22) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN22_PR;

SEARCH_IN23_PR: process(SEARCH_RST_N_23, WRB)
begin
if (SEARCH_RST_N_23 = '0') then
    SEARCH_IN_REG(23) <= '0';
elsif (WRB'event and WRB = '1') then
    if ((CHIP_EN = '1') and (ADDSEL2 = '0') and (ADDR = "11111111")) then
        SEARCH_IN_REG(23) <= DATAI(0);
    end if;
end if;
end process SEARCH_IN23_PR;


SEARCH_RST_N_0  <= RST_N and not (CLEAR_SEARCH(0));
SEARCH_RST_N_1  <= RST_N and not (CLEAR_SEARCH(1));
SEARCH_RST_N_2  <= RST_N and not (CLEAR_SEARCH(2));
SEARCH_RST_N_3  <= RST_N and not (CLEAR_SEARCH(3));
SEARCH_RST_N_4  <= RST_N and not (CLEAR_SEARCH(4));
SEARCH_RST_N_5  <= RST_N and not (CLEAR_SEARCH(5));
SEARCH_RST_N_6  <= RST_N and not (CLEAR_SEARCH(6));
SEARCH_RST_N_7  <= RST_N and not (CLEAR_SEARCH(7));
SEARCH_RST_N_8  <= RST_N and not (CLEAR_SEARCH(8));
SEARCH_RST_N_9  <= RST_N and not (CLEAR_SEARCH(9));
SEARCH_RST_N_10 <= RST_N and not (CLEAR_SEARCH(10));
SEARCH_RST_N_11 <= RST_N and not (CLEAR_SEARCH(11));
SEARCH_RST_N_12 <= RST_N and not (CLEAR_SEARCH(12));
SEARCH_RST_N_13 <= RST_N and not (CLEAR_SEARCH(13));
SEARCH_RST_N_14 <= RST_N and not (CLEAR_SEARCH(14));
SEARCH_RST_N_15 <= RST_N and not (CLEAR_SEARCH(15));
SEARCH_RST_N_16 <= RST_N and not (CLEAR_SEARCH(16));
SEARCH_RST_N_17 <= RST_N and not (CLEAR_SEARCH(17));
SEARCH_RST_N_18 <= RST_N and not (CLEAR_SEARCH(18));
SEARCH_RST_N_19 <= RST_N and not (CLEAR_SEARCH(19));
SEARCH_RST_N_20 <= RST_N and not (CLEAR_SEARCH(20));
SEARCH_RST_N_21 <= RST_N and not (CLEAR_SEARCH(21));
SEARCH_RST_N_22 <= RST_N and not (CLEAR_SEARCH(22));
SEARCH_RST_N_23 <= RST_N and not (CLEAR_SEARCH(23));

SEARCH_IN <= SEARCH_IN_REG;

end beh;

-- Author      : Tom Vu
-- Date        : 09/07/97
-- Description : TOP Level for DES KEY Search array

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;


entity TOP is
port(
    CLK         : in    std_logic;
    RST_N       : in    std_logic;
    BOARD_EN    : in    std_logic;
    ALE         : in    std_logic;
    ADDSEL1     : in    std_logic;
    WRB         : in    std_logic;
    RDB         : in    std_logic;
    ADDSEL2     : in    std_logic;
    AA_IN       : in    std_logic;
    ADDR        : in    std_logic_vector(7 downto 0);
    CHIP_ID     : in    std_logic_vector(7 downto 0);
    AA_OUT      : out   std_logic;
    CHIP_AA_OUT : out   std_logic;
    DATA        : inout std_logic_vector(7 downto 0)
    );
end TOP;


architecture beh of TOP is

type DATA8_ARRAY is array(7 downto 0) of std_logic_vector(7 downto 0);
type DATA7_ARRAY is array(23 downto 0) of std_logic_vector(6 downto 0);

signal SHIFT_REG    : DATA8_ARRAY;
signal SELECT_ONE   : std_logic_vector(23 downto 0);
signal SEARCH_IN    : std_logic_vector(23 downto 0);
signal SEARCH_OUT   : std_logic_vector(23 downto 0);
signal CLEAR_SEARCH : std_logic_vector(23 downto 0);
signal PT_XOR_MASK  : std_logic_vector(63 downto 0);
signal PT_BYTE_MASK : std_logic_vector(7 downto 0);
signal PT_VECTOR    : std_logic_vector(255 downto 0);
signal C0           : std_logic_vector(63 downto 0);
signal C1           : std_logic_vector(63 downto 0);
signal USE_CBC      : std_logic;
signal EXTRA_XOR    : std_logic;
signal TEMPS        : std_logic;
signal KEY          : std_logic_vector(55 downto 0);
signal DATAO        : std_logic_vector(7 downto 0);
signal DATAI        : std_logic_vector(7 downto 0);
signal ADDR_KEY     : DATA7_ARRAY;

component SEARCH_UNIT
port(
    CLK          : in  std_logic;
    RST_N        : in  std_logic;
    WRB          : in  std_logic;
    RDB          : in  std_logic;
    SEARCH       : in  std_logic;
    PT_BYTE_MASK : in  std_logic_vector(7 downto 0);
    PT_XOR_MASK  : in  std_logic_vector(63 downto 0);
    ADDR_KEY     : in  std_logic_vector(6 downto 0);
    EXTRA_XOR    : in  std_logic;
    USE_CBC      : in  std_logic;
    DATAI        : in  std_logic_vector(7 downto 0);
    PT_VECTOR    : in  std_logic_vector(255 downto 0);
    C0           : in  std_logic_vector(63 downto 0);
    C1           : in  std_logic_vector(63 downto 0);
    SEARCH_OUT   : out std_logic;
    CLEAR_SEARCH : out std_logic;
    SELECT_ONE   : out std_logic;
    DATAO        : out std_logic_vector(7 downto 0)
    );
end component;

component UPI
port(
    RST_N        : in  std_logic;
    BOARD_EN     : in  std_logic;
    ALE          : in  std_logic;
    ADDSEL1      : in  std_logic;
    WRB          : in  std_logic;
    RDB          : in  std_logic;
    ADDSEL2      : in  std_logic;
    AA_IN        : in  std_logic;
    ADDR         : in  std_logic_vector(7 downto 0);
    CHIP_ID      : in  std_logic_vector(7 downto 0);
    SELECT_ONE   : in  std_logic_vector(23 downto 0);
    SEARCH_IN    : out std_logic_vector(23 downto 0);
    SEARCH_OUT   : in  std_logic_vector(23 downto 0);
    CLEAR_SEARCH : in  std_logic_vector(23 downto 0);
    EXTRA_XOR    : out std_logic;
    USE_CBC      : out std_logic;
    CHIP_AA_OUT  : out std_logic;
    AA_OUT       : out std_logic;
    PT_XOR_MASK  : out std_logic_vector(63 downto 0);
    PT_BYTE_MASK : out std_logic_vector(7 downto 0);
    PT_VECTOR    : out std_logic_vector(255 downto 0);
    C0           : out std_logic_vector(63 downto 0);
    C1           : out std_logic_vector(63 downto 0);
    ADDR_KEY0    : out std_logic_vector(6 downto 0);
    ADDR_KEY1    : out std_logic_vector(6 downto 0);
    ADDR_KEY2    : out std_logic_vector(6 downto 0);
    ADDR_KEY3    : out std_logic_vector(6 downto 0);
    ADDR_KEY4    : out std_logic_vector(6 downto 0);
    ADDR_KEY5    : out std_logic_vector(6 downto 0);
    ADDR_KEY6    : out std_logic_vector(6 downto 0);
    ADDR_KEY7    : out std_logic_vector(6 downto 0);
    ADDR_KEY8    : out std_logic_vector(6 downto 0);
    ADDR_KEY9    : out std_logic_vector(6 downto 0);
    ADDR_KEY10   : out std_logic_vector(6 downto 0);
    ADDR_KEY11   : out std_logic_vector(6 downto 0);
    ADDR_KEY12   : out std_logic_vector(6 downto 0);
    ADDR_KEY13   : out std_logic_vector(6 downto 0);
    ADDR_KEY14   : out std_logic_vector(6 downto 0);
    ADDR_KEY15   : out std_logic_vector(6 downto 0);
    ADDR_KEY16   : out std_logic_vector(6 downto 0);
    ADDR_KEY17   : out std_logic_vector(6 downto 0);
    ADDR_KEY18   : out std_logic_vector(6 downto 0);
    ADDR_KEY19   : out std_logic_vector(6 downto 0);
    ADDR_KEY20   : out std_logic_vector(6 downto 0);
    ADDR_KEY21   : out std_logic_vector(6 downto 0);
    ADDR_KEY22   : out std_logic_vector(6 downto 0);
    ADDR_KEY23   : out std_logic_vector(6 downto 0);
    DATAI        : in  std_logic_vector(7 downto 0);
    DATAO        : out std_logic_vector(7 downto 0)
    );
end component;

begin

UPI0: UPI
port map(
    RST_N => RST_N,
    BOARD_EN => BOARD_EN,
    ALE => ALE,
    ADDSEL1 => ADDSEL1,
    WRB => WRB,
    RDB => RDB,
    ADDSEL2 => ADDSEL2,
    ADDR => ADDR,
    CHIP_ID => CHIP_ID,
    SEARCH_IN => SEARCH_IN,
    SELECT_ONE => SELECT_ONE,
    SEARCH_OUT => SEARCH_OUT,
    EXTRA_XOR => EXTRA_XOR,
    USE_CBC => USE_CBC,
    CLEAR_SEARCH => CLEAR_SEARCH,
    AA_IN => AA_IN,
    AA_OUT => AA_OUT,
    CHIP_AA_OUT => CHIP_AA_OUT,

    PT_XOR_MASK => PT_XOR_MASK,
    PT_BYTE_MASK => PT_BYTE_MASK,
    PT_VECTOR => PT_VECTOR,
    C0 => C0,
    C1 => C1,
    ADDR_KEY0 => ADDR_KEY(0),
    ADDR_KEY1 => ADDR_KEY(1),
    ADDR_KEY2 => ADDR_KEY(2),
    ADDR_KEY3 => ADDR_KEY(3),
    ADDR_KEY4 => ADDR_KEY(4),
    ADDR_KEY5 => ADDR_KEY(5),
    ADDR_KEY6 => ADDR_KEY(6),
    ADDR_KEY7 => ADDR_KEY(7),
    ADDR_KEY8 => ADDR_KEY(8),
    ADDR_KEY9 => ADDR_KEY(9),
    ADDR_KEY10 => ADDR_KEY(10),
    ADDR_KEY11 => ADDR_KEY(11),
    ADDR_KEY12 => ADDR_KEY(12),
    ADDR_KEY13 => ADDR_KEY(13),
    ADDR_KEY14 => ADDR_KEY(14),
    ADDR_KEY15 => ADDR_KEY(15),
    ADDR_KEY16 => ADDR_KEY(16),
    ADDR_KEY17 => ADDR_KEY(17),
    ADDR_KEY18 => ADDR_KEY(18),
    ADDR_KEY19 => ADDR_KEY(19),
    ADDR_KEY20 => ADDR_KEY(20),
    ADDR_KEY21 => ADDR_KEY(21),
    ADDR_KEY22 => ADDR_KEY(22),
    ADDR_KEY23 => ADDR_KEY(23),
    DATAI => DATAI,
    DATAO => DATAO
    );

gen0: for i in 0 to 23 generate
SEARCH_UNITX: SEARCH_UNIT
port map(CLK => CLK,
    RST_N => RST_N,
    WRB => WRB,
    RDB => RDB,
    PT_BYTE_MASK => PT_BYTE_MASK,
    PT_XOR_MASK => PT_XOR_MASK,
    SEARCH => SEARCH_IN(i),
    SELECT_ONE => SELECT_ONE(i),
    ADDR_KEY => ADDR_KEY(i),
    EXTRA_XOR => EXTRA_XOR,
    USE_CBC => USE_CBC,

    DATAI => DATAI,
    PT_VECTOR => PT_VECTOR,
    C0 => C0,
    C1 => C1,
    SEARCH_OUT => SEARCH_OUT(i),
    CLEAR_SEARCH => CLEAR_SEARCH(i),
    DATAO => DATAO
    );
end generate;

DATAI <= DATA;
DATA <= DATAO when (RDB = '0' and ADDSEL2 = '0') else (others => 'Z');

end beh;


-- Author      : Tom Vu
-- Date        : 09/19/97
-- Description : UProcessor interface

library ieee;
use IEEE.std_logic_1164.all;
use IEEE.std_logic_arith.all;
use IEEE.std_logic_unsigned.all;


entity UPI is
port(
    RST_N        : in  std_logic;
    BOARD_EN     : in  std_logic;
    ALE          : in  std_logic;
    ADDSEL1      : in  std_logic;
    WRB          : in  std_logic;
    RDB          : in  std_logic;
    ADDSEL2      : in  std_logic;
    AA_IN        : in  std_logic;
    ADDR         : in  std_logic_vector(7 downto 0);
    CHIP_ID      : in  std_logic_vector(7 downto 0);
    SEARCH_OUT   : in  std_logic_vector(23 downto 0);
    CLEAR_SEARCH : in  std_logic_vector(23 downto 0);
    SELECT_ONE   : in  std_logic_vector(23 downto 0);

    AA_OUT       : out std_logic;
    CHIP_AA_OUT  : out std_logic;
    EXTRA_XOR    : out std_logic;
    USE_CBC      : out std_logic;
    SEARCH_IN    : out std_logic_vector(23 downto 0);
    PT_XOR_MASK  : out std_logic_vector(63 downto 0);
    PT_BYTE_MASK : out std_logic_vector(7 downto 0);
    PT_VECTOR    : out std_logic_vector(255 downto 0);
    C0           : out std_logic_vector(63 downto 0);
    C1           : out std_logic_vector(63 downto 0);
    ADDR_KEY0    : out std_logic_vector(6 downto 0);
    ADDR_KEY1    : out std_logic_vector(6 downto 0);
    ADDR_KEY2    : out std_logic_vector(6 downto 0);
    ADDR_KEY3    : out std_logic_vector(6 downto 0);
    ADDR_KEY4    : out std_logic_vector(6 downto 0);
    ADDR_KEY5    : out std_logic_vector(6 downto 0);
    ADDR_KEY6    : out std_logic_vector(6 downto 0);
    ADDR_KEY7    : out std_logic_vector(6 downto 0);
    ADDR_KEY8    : out std_logic_vector(6 downto 0);
    ADDR_KEY9    : out std_logic_vector(6 downto 0);
    ADDR_KEY10   : out std_logic_vector(6 downto 0);
    ADDR_KEY11   : out std_logic_vector(6 downto 0);
    ADDR_KEY12   : out std_logic_vector(6 downto 0);
    ADDR_KEY13   : out std_logic_vector(6 downto 0);
    ADDR_KEY14   : out std_logic_vector(6 downto 0);
    ADDR_KEY15   : out std_logic_vector(6 downto 0);
    ADDR_KEY16   : out std_logic_vector(6 downto 0);
    ADDR_KEY17   : out std_logic_vector(6 downto 0);
    ADDR_KEY18   : out std_logic_vector(6 downto 0);
    ADDR_KEY19   : out std_logic_vector(6 downto 0);
    ADDR_KEY20   : out std_logic_vector(6 downto 0);
    ADDR_KEY21   : out std_logic_vector(6 downto 0);
    ADDR_KEY22   : out std_logic_vector(6 downto 0);
    ADDR_KEY23   : out std_logic_vector(6 downto 0);
    DATAI        : in  std_logic_vector(7 downto 0);
    DATAO        : out std_logic_vector(7 downto 0)
    );
end UPI;


architecture  beh  of  UPI  is 

signal  S E ARC H- I  N-BAK 
signal  CHIP-EN  >> 

component  ADDR-KEY 
por t (  • • 

ADDSEL2  

CHIP-EN  

ADDR  ■ 


std. 
std. 


log i c-vec tor ( 23  -downto  0) 
I  o  g  i  c  ; 


        ADDSEL2         : in    std_logic;
        CHIP_EN         : in    std_logic;
        ADDR            : in    std_logic_vector(7 downto 0);
        ADDR_KEY0       : out   std_logic_vector(6 downto 0);
        ADDR_KEY1       : out   std_logic_vector(6 downto 0);
        ADDR_KEY2       : out   std_logic_vector(6 downto 0);
        ADDR_KEY3       : out   std_logic_vector(6 downto 0);
        ADDR_KEY4       : out   std_logic_vector(6 downto 0);
        ADDR_KEY5       : out   std_logic_vector(6 downto 0);
        ADDR_KEY6       : out   std_logic_vector(6 downto 0);
        ADDR_KEY7       : out   std_logic_vector(6 downto 0);
        ADDR_KEY8       : out   std_logic_vector(6 downto 0);
        ADDR_KEY9       : out   std_logic_vector(6 downto 0);
        ADDR_KEY10      : out   std_logic_vector(6 downto 0);
        ADDR_KEY11      : out   std_logic_vector(6 downto 0);
        ADDR_KEY12      : out   std_logic_vector(6 downto 0);
        ADDR_KEY13      : out   std_logic_vector(6 downto 0);
        ADDR_KEY14      : out   std_logic_vector(6 downto 0);
        ADDR_KEY15      : out   std_logic_vector(6 downto 0);
        ADDR_KEY16      : out   std_logic_vector(6 downto 0);
        ADDR_KEY17      : out   std_logic_vector(6 downto 0);
        ADDR_KEY18      : out   std_logic_vector(6 downto 0);
        ADDR_KEY19      : out   std_logic_vector(6 downto 0);
        ADDR_KEY20      : out   std_logic_vector(6 downto 0);
        ADDR_KEY21      : out   std_logic_vector(6 downto 0);
        ADDR_KEY22      : out   std_logic_vector(6 downto 0);
        ADDR_KEY23      : out   std_logic_vector(6 downto 0)
        );
end component;

component REG_RDWR
port(   RST_N           : in    std_logic;
        BOARD_EN        : in    std_logic;
        ALE             : in    std_logic;
        ADDSEL1         : in    std_logic;
        WRB             : in    std_logic;
        RDB             : in    std_logic;
        ADDSEL2         : in    std_logic;
        AA_IN           : in    std_logic;
        ADDR            : in    std_logic_vector(7 downto 0);
        CHIP_ID         : in    std_logic_vector(7 downto 0);
        SEARCH_OUT      : in    std_logic_vector(23 downto 0);
        SELECT_ONE      : in    std_logic_vector(23 downto 0);
        SEARCH_IN       : in    std_logic_vector(23 downto 0);

        CHIP_EN         : out   std_logic;
        AA_OUT          : out   std_logic;
        CHIP_AA_OUT     : out   std_logic;
        EXTRA_XOR       : out   std_logic;
        USE_CBC         : out   std_logic;
        PT_XOR_MASK     : out   std_logic_vector(63 downto 0);
        PT_BYTE_MASK    : out   std_logic_vector(7 downto 0);
        PT_VECTOR       : out   std_logic_vector(255 downto 0);
        C0              : out   std_logic_vector(63 downto 0);
        C1              : out   std_logic_vector(63 downto 0);
        DATAI           : in    std_logic_vector(7 downto 0);
        DATAO           : out   std_logic_vector(7 downto 0)
        );
end component;

component START_REG
port(   RST_N           : in    std_logic;
        CHIP_EN         : in    std_logic;
        WRB             : in    std_logic;
        ADDSEL2         : in    std_logic;
        ADDR            : in    std_logic_vector(7 downto 0);
        CLEAR_SEARCH    : in    std_logic_vector(23 downto 0);

        SEARCH_IN       : out   std_logic_vector(23 downto 0);
        DATAI           : in    std_logic_vector(7 downto 0)
        );
end component;

begin

ADDR_KEYX : ADDR_KEY
port map(
        ADDSEL2         => ADDSEL2,
        CHIP_EN         => CHIP_EN,
        ADDR            => ADDR,

        ADDR_KEY0       => ADDR_KEY0,
        ADDR_KEY1       => ADDR_KEY1,
        ADDR_KEY2       => ADDR_KEY2,
        ADDR_KEY3       => ADDR_KEY3,
        ADDR_KEY4       => ADDR_KEY4,
        ADDR_KEY5       => ADDR_KEY5,
        ADDR_KEY6       => ADDR_KEY6,
        ADDR_KEY7       => ADDR_KEY7,
        ADDR_KEY8       => ADDR_KEY8,
        ADDR_KEY9       => ADDR_KEY9,
        ADDR_KEY10      => ADDR_KEY10,
        ADDR_KEY11      => ADDR_KEY11,
        ADDR_KEY12      => ADDR_KEY12,
        ADDR_KEY13      => ADDR_KEY13,
        ADDR_KEY14      => ADDR_KEY14,
        ADDR_KEY15      => ADDR_KEY15,
        ADDR_KEY16      => ADDR_KEY16,
        ADDR_KEY17      => ADDR_KEY17,
        ADDR_KEY18      => ADDR_KEY18,
        ADDR_KEY19      => ADDR_KEY19,
        ADDR_KEY20      => ADDR_KEY20,
        ADDR_KEY21      => ADDR_KEY21,
        ADDR_KEY22      => ADDR_KEY22,
        ADDR_KEY23      => ADDR_KEY23
        );

REG_RDWRX : REG_RDWR
port map(RST_N          => RST_N,
        BOARD_EN        => BOARD_EN,
        ALE             => ALE,
        ADDSEL1         => ADDSEL1,
        WRB             => WRB,
        RDB             => RDB,
        ADDSEL2         => ADDSEL2,
        AA_IN           => AA_IN,
        ADDR            => ADDR,
        CHIP_ID         => CHIP_ID,
        SEARCH_OUT      => SEARCH_OUT,
        SELECT_ONE      => SELECT_ONE,
        SEARCH_IN       => SEARCH_IN_BAK,

        CHIP_EN         => CHIP_EN,
        AA_OUT          => AA_OUT,
        CHIP_AA_OUT     => CHIP_AA_OUT,
        EXTRA_XOR       => EXTRA_XOR,
        USE_CBC         => USE_CBC,
        PT_XOR_MASK     => PT_XOR_MASK,
        PT_BYTE_MASK    => PT_BYTE_MASK,
        PT_VECTOR       => PT_VECTOR,
        C0              => C0,
        C1              => C1,
        DATAI           => DATAI,
        DATAO           => DATAO
        );

START_REGX : START_REG
port map(RST_N          => RST_N,
        CHIP_EN         => CHIP_EN,
        WRB             => WRB,
        ADDSEL2         => ADDSEL2,
        ADDR            => ADDR,
        CLEAR_SEARCH    => CLEAR_SEARCH,

        SEARCH_IN       => SEARCH_IN_BAK,
        DATAI           => DATAI
        );

SEARCH_IN <= SEARCH_IN_BAK;

end ben;



Chip  Simulator  Source  Code 


This chapter contains C-language software that simulates the operation of the
custom DES Cracker chip. This software is useful for showing people how the chip
works, and for making test vectors that let machines determine whether chips are
properly fabricated.

We wrote this simulator before the chip was designed, to explore different design
ideas. It should produce results identical to the final chips. We designed it for
clarity of description, and flexibility in trying out new ideas, rather than speed.
If you don't understand how the chip works, you can try some experiments by
building this software on an ordinary PC or Unix machine with an ordinary C
compiler, such as Borland C++ 3.1.

Building physical chips is an error-prone process. Each chip might be
contaminated by dust or flaws in the silicon materials. There's no way to tell
whether a given chip will work or not, without trying it out. So chip-building
companies require that when you design a chip, you also provide test vectors.
These list the voltages to put on each input pin on the chip, and how the
chip-testing machine should vary them over time. The vectors also specify exactly
what output signals the chip-tester should be able to measure on the chip's output
pins. If the chip tester feeds all the input signals to the chip, step by step, and
sees all the corresponding output signals, the chip "passes" the test. If any
output signals differ from the specification, the chip "fails" the test and is
discarded.

Passing such a test doesn't prove that a chip has been fabricated correctly. It only
proves that the chip can run the small set of tests that the designer provided.
Creating test vectors which verify all parts of a chip is an art. The expense of
testing a chip is proportional to the size of the tests, so they are usually short
and direct. Thus, they also act as small examples that you can use to explore your
understanding of how the chip works.

Chapter 4, Scanning the Source Code, explains how to read or scan in these
documents.
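The pass/fail idea behind test vectors also applies to a listing that has been typed or scanned in, such as the des.c later in this chapter. The following is an added example, not part of the book's software: it checks structural invariants of the DES tables in the simulator's convention (bit 0 is the right-hand bit) and shows that a dropped digit is caught. The function names and the short table names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* DES tables in the simulator's convention (bit 0 is the right-hand bit). */
static const int IP[64] = {
  39, 7,47,15,55,23,63,31, 38, 6,46,14,54,22,62,30,
  37, 5,45,13,53,21,61,29, 36, 4,44,12,52,20,60,28,
  35, 3,43,11,51,19,59,27, 34, 2,42,10,50,18,58,26,
  33, 1,41, 9,49,17,57,25, 32, 0,40, 8,48,16,56,24 };
static const int FP[64] = {
  57,49,41,33,25,17, 9, 1, 59,51,43,35,27,19,11, 3,
  61,53,45,37,29,21,13, 5, 63,55,47,39,31,23,15, 7,
  56,48,40,32,24,16, 8, 0, 58,50,42,34,26,18,10, 2,
  60,52,44,36,28,20,12, 4, 62,54,46,38,30,22,14, 6 };
static const int PC1[56] = {
  27,19,11,31,39,47,55, 26,18,10,30,38,46,54,
  25,17, 9,29,37,45,53, 24,16, 8,28,36,44,52,
  23,15, 7, 3,35,43,51, 22,14, 6, 2,34,42,50,
  21,13, 5, 1,33,41,49, 20,12, 4, 0,32,40,48 };
static const int PC2[48] = {
  24,27,20, 6,14,10, 3,22,  0,17, 7,12, 8,23,11, 5,
  16,26, 1, 9,19,25, 4,15, 54,43,36,29,49,40,48,30,
  52,44,37,33,46,35,50,41, 28,53,51,55,32,45,39,42 };

/* 1 if every entry of t[0..n-1] lies in [0,range) and no value repeats. */
int is_injective(const int *t, int n, int range) {
  char seen[64] = {0};
  int i;
  if (range > 64) return 0;
  for (i = 0; i < n; i++) {
    if (t[i] < 0 || t[i] >= range || seen[t[i]]) return 0;
    seen[t[i]] = 1;
  }
  return 1;
}

/* 1 if b undoes a, with both tables applied as out[table[i]] = in[i]. */
int is_inverse(const int *a, const int *b, int n) {
  int i;
  for (i = 0; i < n; i++)
    if (a[i] < 0 || a[i] >= n || b[a[i]] != i) return 0;
  return 1;
}

/* Round-key bits in [lo,hi] that PC2 never selects (DES drops 4 per half). */
int unused_in_range(const int *pc2, int lo, int hi) {
  int used[56] = {0}, i, n = 0;
  for (i = 0; i < 48; i++)
    if (pc2[i] >= 0 && pc2[i] < 56) used[pc2[i]] = 1;
  for (i = lo; i <= hi; i++) n += !used[i];
  return n;
}

/* Rotate both 28-bit halves by one place, in the direction requested. */
static void rotate_halves(int rk[56], int left) {
  int h, i, t;
  for (h = 0; h < 56; h += 28) {
    if (left) {
      t = rk[h + 27];
      for (i = 27; i >= 1; i--) rk[h + i] = rk[h + i - 1];
      rk[h] = t;
    } else {
      t = rk[h];
      for (i = 0; i < 27; i++) rk[h + i] = rk[h + i + 1];
      rk[h + 27] = t;
    }
  }
}

/* Total left rotation over the 16 encryption rounds (single in 0, 1, 8, 15). */
int schedule_total(void) {
  int round, total = 0;
  for (round = 0; round < 16; round++)
    total += (round != 0 && round != 1 && round != 8 && round != 15) ? 2 : 1;
  return total;
}

/* 1 if the full schedule restores the register and left+right is a no-op. */
int rotation_roundtrip_ok(void) {
  int rk[56], ref[56], i, n;
  for (i = 0; i < 56; i++) rk[i] = ref[i] = i;
  for (n = schedule_total(); n > 0; n--) rotate_halves(rk, 1);
  if (memcmp(rk, ref, sizeof rk) != 0) return 0;
  rotate_halves(rk, 1);
  rotate_halves(rk, 0);
  return memcmp(rk, ref, sizeof rk) == 0;
}

/* Constructed scanning slip: a two-digit entry loses its leading 1 (15 -> 5). */
int detects_dropped_digit(void) {
  int bad[64];
  memcpy(bad, IP, sizeof bad);
  bad[3] = 5;                              /* IP[3] is 15 */
  return !is_injective(bad, 64, 64) && !is_inverse(bad, FP, 64);
}

int main(void) {
  printf("IP/FP inverse: %d  PC1 perm: %d  PC2 unused: %d/%d  shifts: %d\n",
         is_inverse(IP, FP, 64), is_injective(PC1, 56, 56),
         unused_in_range(PC2, 0, 27), unused_in_range(PC2, 28, 55),
         schedule_total());
  return rotation_roundtrip_ok() && detects_dropped_digit() ? 0 : 1;
}
```

Like chip test vectors, these checks only show that the tables pass the tests provided: a slip that turns one unused PC2 index into another would go unnoticed, so a known-answer encryption is still needed.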
MANIFEST

 1  MANIFEST
 2  README
 3  blaze.scr
 4  cbd.scr
 5  cbc2.scr
 6  cbc3.scr
 7  des.c
 8  des.h
 9  ecb.scr
10  mini.scr
11  misc.c
12  misc.h
13  random.scr
14  ref.c
15  sim.c
16  sim.h
17  testvec.c

README

testvec.c (compile with sim.c and des.c):  Generates and runs test
vectors.  This program will both run existing input vectors, or
generate new ones (either randomly or from a script).  When compiled
under DOS, it can either produce Unix (LF only) or DOS (CR/LF)
output files (select with the RAW parameter)

To run the ecb.scr sample script and:
  - Store test vectors which go to the chip in TOCHIP.EXT
  - Store test vectors received from the chip in FROMCHIP.EXT,
  - Produce Unix-style output (LF only)
  - Store debugging output in debug.out.

    rm *.EXT
    testvec TOCHIP.EXT FROMCHIP.EXT RAW < ecb.scr > debug.out

If TOCHIP.EXE already exists when the program is run, it will
read it (instead of expecting a script from stdin).

Use the script random.scr to produce a random test vector, e.g.:
    testvec TOCHIP.EXT FROMCHIP.EXT RAW < random.scr > debug.out

ref.c (compile with des.c misc.c):  Runs test scripts (.scr files)
and prints any keys that match.  This is basically a stripped-down
test vector generator for debugging purposes.  (It doesn't make any
attempt to match timings.)

blaze.scr


1  02  03  04  05  06  07  10  11  12  13  14  15  16  1720  21  22  23  24  25  26  2730  31  32  I 


33  34  35  36  3740  41 


3456789ABCDEF0 
3456789ABCDEF0 


1  

1  

01020304050607 
8000  


42  43  44  45  46  4750  51  52  53  54  55  56  57 

1  XOR  MASK 

1  Ciphertext  0 

1  Cipher-text  1 

1  Plaintext  byte  mask 

1  use  CBC 

1  extra  XOR 

1  don't  seed  PRNG  (use  this  input  file) 

1  starting  key 

1  number  of  clocks 


d6  e9  89  fa  ■  ' D E S_D E C R Y PT ( k  =  0 D02 03040 5 06 1 2 ,     c  =  1 2 34 5 6789 AB C D E F0  )  =B8  C0  1B  3E  35  I 

DB  2F  DE  00  01  02  03  04  05  06  07  08  09  0A  0B  0C  0D  0E  0F  10  11  12  13  14  I 

15  16  17  18  19  1A  1B  1C  1D  1E  1F  20  21  22  23  24  25  26  27  28  29  2A  2B  2C  2D  2E  21 
F30  31  32  33  34  35  36  37  38  39  3A  3B  3C  3D  3E  3F  40  41  42  43  44  45  46  47  48  49  I 
4A  4B  4C  4D  4E  4F50  51  52  53  54  55  56  57  58  59  5A  5B  5C  5D  5E  5F  60  61  62  63  641 
-65  66  67  68  69  6A  6B  6C  6D  6E  6F70  71  72  73  74  75  76  77  78  79  7A  7B  7C  7D  7E  71 
F  80  81  82  83  84  85  86  87  88  89  8A  8B  8C  8D  8E  8F90  91  92  93  94  95  96  97  98  99  I 
9A  9B  9C  9D  9E  9F  -A0  A1  A2  A3  A4  A5  A6  A7  A8  A9  AA  AB  AC  AD  AE  AFB0  B1  B2  B3  Bl 
4  B5  B6  B7  B8  B9  BA  BB  BC  BD  BE  BF  C0  C1  C2  C3  C4  C5  C6  C7  C8  C9  CA  CB  CC  CD  CEI 
■CFD0  D1  D2  D3  D4  D5  D6  D7  D8  D9  DA  DB  DC  DD  DE  DF  E0  E1  E2  E3  E4  E5  E6  E7  E8  El 
9  EA  EB  EC  ED  EE  EFF0  F1  F2  F3  F4  F5  F6  F7  F8  F9  FA  FB  FC  FD  FE- 
cbd.scr


00  01  02  03  04  05  06  07  08  09  0A  0B  0C  0D  0E  0F  10  11  12  13  14  15  16  17  18  19  11 
A  1B  1C  1D  1E  1F  20  21  22  23  24  25  26  27  28  29  2A  2B  2C  2D  2E  2F  30  31  32  33  34I 
•35  36  37  38  39  3A  3B  3C  3D  3E  3F  40  41  42  43  44  45  46  47  48  49  4A  4B  4C  4D  4E  I 
bc6d97  4F  50  51  52  53  54  55  56  57  58  59  5A  5B  5C  5D  5E  5F  60  61  62  63  64  65  66  67  68  61 
a1cb67  9  6A  6B  6C  6D  6E  6F  70  71  72  73  74  75  76  77  78  79  7A  7B  7C  7D  7E  7F  80  81  82  83I 
84  85  86  87  88  89  8A  8B  8C  8D  8E  8F  90  91  92  93  94  95  96  97  98  99  9A  9B  #9C  9DI 
9E  9F  A0  A1  A2  A3  A4  A5  A6  A7  A8  A9  AA  AB  AC  AD  AE  AF  B0  B1  B2  B3  B4  B5  B6  B7  I 



babb7d  B8  B9  BA  BB  BC  BD  BE  BF  C0  C1  C2  C3  C4  C5  C6  C7  C8  C9  CA  CB  CC  CD  CE  CF  D0  D1  Dl 



2f281f  37393b51def84190 

1810d0  123456789ABCDEF0 

596a3f  0102030405060708 


2  D3  D4  D5  D6  D7  D8  D9  DA  DB  DC  DD  DE  DF  E0  E1  E2  E3  E4  E5  E6  E7  E8  E9  EA  EB  ECI 
•ED  EE  EF  F0  F1  F2  F3  F4  F5  F6  F7  F8  F9  FA  FB  FC  FD  FE  FF 

XOR  MASK 

Ciphertext  0 

Ciphertext  1 

Plaintext  byte  mask 

use  CBC 

extra  XOR 

don't  seed  PRNG  (use  this  input  file) 

starting  key 

number  of  clocks 


b98c19  00  

56cdad  1  

b0d84f  0  

095b0d  1  

322fcc  01020304050607 

359df9  10000  

5caf 5a 
cbc2.scr


00  01  02  03  04  05  06  07  08  09  0A  0B  0C  0D  0E  0F  10  11  12  13  14  15  16  17  18  19  11 
A  1B  1C  1D  1E  1F  20  21  22  23  24  25  26  27  28  29  2A  2B  2C  2D  2E  2F  30  31  32  33  341 
•35  36  37  38  39  3A  3B  3C  3D  3E  3F  40  41  42  43  44  45  46  47  48  49  4A  4B  4C  4D  4E  I 
bc6d97  4F  50  51  52  53  54  55  56  57  58  59  5A  5B  5C  5D  5E  5F  60  61  62  63  64  65  66  67  68  61 
a1cb67  9  6A  6B  6C  6D  6E  6F  70  71  72  73  74  75  76  77  78  79  7A  7B  7C  7D  7E  7F  80  81  82  831 
237dda  -84  85  86  87  88  89  8A  8B  8C  8D  8E  8F  90  91  92  93  94  95  96  97  98  99  9A  9B  9C  9D  I 
23435f  9E  9F  A0  A1  A2  A3  A4  A5  A6  A7  A8  A9  AA  AB  AC  AD  AE  AF  B0  B1  B2  B3  B4  B5  B6  B7  Bl 
1ce1f9  8  B9  BA  #  BB  BC  BD  BE  BF  C0  C1  C2  C3  C4  C5  C6  C7  C8  C9  CA  CB  CC  CD  CE  CF  D0  D1  I 
80796d  D2  D3  D4  D5  D6  D7  D8  D9  DA  DB  DC  DD  DE  DF  E0  E1  E2  E3  E4  E5  E6  E7  E8  E9  EA  EB  El 
0b8b2a  C  ED  EE  EF  F0  F1  F2  F3  F4  F5  F6  F7  F8  F9  FA  FB  FC  FD  FE  FF 




56ac5f  423412341234123F 
0b327c  0000000000000000 
1578345691832465 

04  

1  




FFFFFFFFFFFFFi 

1 0000  


XOR  MASK 

Ciphertext  0 

Ciphertext  1 

Plaintext  byte  mask 

use  CBC 

extra  XOR 

don't  seed  PRNG  (use  this  input  file) 

starting  key 

number  of  clocks 
cbc3.scr


00  01  02  03  04  05  07  08  09  0D  0E  0F  10  11  12  14  15  17  1A  1B  1C  1D  1F  20  21  24  21 
5  28  29  2A  2B  2C  2E  30  31  32  35  36  37  39  3A  3C  3D  3E  40  42  43  44  45  48  49  4A  4BI 
•4C  4F  50  51  53  54  56  57  58  59  5C  5D  5F  61  62  63  64  66  67  69  6B  6C  6D  6F  70  71  I 
72  73  77  78  7A  7B  70  7E  7F  80  82  86  87  89  8A  8B  8C  8D  8E  90  92  93  94  95  97  98  91 
9  9A  9B  9E  9F  A0  A2  A3  A4  A5  A6  A8  AA  AC  AD  AE  AF  B0  B1  B3  B4  B7  B8  B9  F8  F9  FAl 
• FB  FC  FD  FF  BB  BC  BD  BE  C0  C1  C3  C5  C6  C7  C8  C9  CA  CB  CC  CD  CE  CF  D0  D1  D2  D3  I 
D4  D5  D6  D7  D8  D9  DA  DB  DC  DD  DE  DF  E0  E1  E2  E3  E4  ft  E5  E6  E7  E8  E9  EA  EB  EC  EDI 
•EE  EF  F0  F1  F2  F3  F4  F5  F6  F7  F8  F9  FA  FB  FC  FD  FE  FF 


0124801248012480 
FFFFFFFFFFFFFFFF 


XOR  MASK 

Ciphertext  0 

Ciphertext  1 

Plaintext  byte  mask 

use  CBC 

extra  XOR 

don't  seed  PRNG  (use  this  input  file) 

starting  key 

number of clocks
des.c

/*****************************************************************************
 *               Software Model of ASIC DES Implementation.                  *
 *                                                                           *
 *  Written by Paul Kocher, Tel: 415-397-0111, Email: paul@cryptography.com  *
 *                                                                           *
 *****************************************************************************
 *
 *   IMPLEMENTATION NOTES
 *
 *   This DES implementation adheres to the FIPS PUB 46 spec and produces
 *   standard output.  The internal operation of the algorithm is quite
 *   different from the FIPS.  For example, bit orderings are reversed
 *   (the right-hand bit is now labelled as bit 0), the S tables have been
 *   rearranged to simplify implementation, and several permutations have
 *   been inverted.  No performance optimizations were attempted.
 *
 *****************************************************************************
 *
 *   REVISION HISTORY
 *
 *   Version 1.0:  Initial release  -- PCK.
 *   Version 1.1:  Altered DecryptDES exchanges to match EncryptDES. -- PCK
 *   Version 1.2:  Minor edits and beautifications.  -- PCK
 *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "des.h"

static void ComputeRoundKey(bool roundKey[56], bool key[56]);
static void RotateRoundKeyLeft(bool roundKey[56]);
static void RotateRoundKeyRight(bool roundKey[56]);
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]);
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]);
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]);
static void ComputeP(bool output[32], bool input[32]);
static void ComputeS_Lookup(int k, bool output[4], bool input[6]);
static void ComputePC2(bool subkey[48], bool roundKey[56]);
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]);
static void DumpBin(char *str, bool *b, int bits);
static void Exchange_L_and_R(bool L[32], bool R[32]);

/* Initializer lost in the scan; 0 (off) is assumed.  EncryptDES and
 * DecryptDES set this flag from their verbose argument before any use. */
int EnableDumpBin = 0;



/**************************************************************************
 *  DES TABLES
 **************************************************************************/

/*
 *  IP: Output bit table_DES_IP[i] equals input bit i.
 */
static int table_DES_IP[64] = {
    39,  7, 47, 15, 55, 23, 63, 31,
    38,  6, 46, 14, 54, 22, 62, 30,
    37,  5, 45, 13, 53, 21, 61, 29,
    36,  4, 44, 12, 52, 20, 60, 28,
    35,  3, 43, 11, 51, 19, 59, 27,
    34,  2, 42, 10, 50, 18, 58, 26,
    33,  1, 41,  9, 49, 17, 57, 25,
    32,  0, 40,  8, 48, 16, 56, 24
};

/*
 *  FP: Output bit table_DES_FP[i] equals input bit i.
 */
static int table_DES_FP[64] = {
    57, 49, 41, 33, 25, 17,  9,  1,
    59, 51, 43, 35, 27, 19, 11,  3,
    61, 53, 45, 37, 29, 21, 13,  5,
    63, 55, 47, 39, 31, 23, 15,  7,
    56, 48, 40, 32, 24, 16,  8,  0,
    58, 50, 42, 34, 26, 18, 10,  2,
    60, 52, 44, 36, 28, 20, 12,  4,
    62, 54, 46, 38, 30, 22, 14,  6
};

/*
 *  PC1: Permutation choice 1, used to pre-process the key
 */
static int table_DES_PC1[56] = {
    27, 19, 11, 31, 39, 47, 55,
    26, 18, 10, 30, 38, 46, 54,
    25, 17,  9, 29, 37, 45, 53,
    24, 16,  8, 28, 36, 44, 52,
    23, 15,  7,  3, 35, 43, 51,
    22, 14,  6,  2, 34, 42, 50,
    21, 13,  5,  1, 33, 41, 49,
    20, 12,  4,  0, 32, 40, 48
};

/*
 *  PC2: Map 56-bit round key to a 48-bit subkey
 */
static int table_DES_PC2[48] = {
    24, 27, 20,  6, 14, 10,  3, 22,
     0, 17,  7, 12,  8, 23, 11,  5,
    16, 26,  1,  9, 19, 25,  4, 15,
    54, 43, 36, 29, 49, 40, 48, 30,
    52, 44, 37, 33, 46, 35, 50, 41,
    28, 53, 51, 55, 32, 45, 39, 42
};

/*
 *  E: Expand 32-bit R to 48 bits.
 */
static int table_DES_E[48] = {
    31,  0,  1,  2,  3,  4,  3,  4,
     5,  6,  7,  8,  7,  8,  9, 10,
    11, 12, 11, 12, 13, 14, 15, 16,
    15, 16, 17, 18, 19, 20, 19, 20,
    21, 22, 23, 24, 23, 24, 25, 26,
    27, 28, 27, 28, 29, 30, 31,  0
};

/*
 *  P: Permutation of S table outputs
 */
static int table_DES_P[32] = {
    11, 17,  5, 27, 25, 10, 20,  0,
    13, 21,  3, 28, 29,  7, 18, 24,
    31, 22, 12,  6, 26,  2, 16,  8,
    14, 30,  4, 19,  1,  9, 15, 23
};


/*
 *  S Tables: Introduce nonlinearity and avalanche
 */
static int table_DES_S[8][64] = {
  /* table S[0] */
  { 13,  1,  2, 15,  8, 13,  4,  8,  6, 10, 15,  3, 11,  7,  1,  4,
    10, 12,  9,  5,  3,  6, 14, 11,  5,  0,  0, 14, 12,  9,  7,  2,
     7,  2, 11,  1,  4, 14,  1,  7,  9,  4, 12, 10, 14,  8,  2, 13,
     0, 15,  6, 12, 10,  9, 13,  0, 15,  3,  3,  5,  5,  6,  8, 11 },
  /* table S[1] */
  {  4, 13, 11,  0,  2, 11, 14,  7, 15,  4,  0,  9,  8,  1, 13, 10,
     3, 14, 12,  3,  9,  5,  7, 12,  5,  2, 10, 15,  6,  8,  1,  6,
     1,  6,  4, 11, 11, 13, 13,  8, 12,  1,  3,  4,  7, 10, 14,  7,
    10,  9, 15,  5,  6,  0,  8, 15,  0, 14,  5,  2,  9,  3,  2, 12 },
  /* table S[2] */
  { 12, 10,  1, 15, 10,  4, 15,  2,  9,  7,  2, 12,  6,  9,  8,  5,
     0,  6, 13,  1,  3, 13,  4, 14, 14,  0,  7, 11,  5,  3, 11,  8,
     9,  4, 14,  3, 15,  2,  5, 12,  2,  9,  8,  5, 12, 15,  3, 10,
     7, 11,  0, 14,  4,  1, 10,  7,  1,  6, 13,  0, 11,  8,  6, 13 },
  /* table S[3] */
  {  2, 14, 12, 11,  4,  2,  1, 12,  7,  4, 10,  7, 11, 13,  6,  1,
     8,  5,  5,  0,  3, 15, 15, 10, 13,  3,  0,  9, 14,  8,  9,  6,
     4, 11,  2,  8,  1, 12, 11,  7, 10,  1, 13, 14,  7,  2,  8, 13,
    15,  6,  9, 15, 12,  0,  5,  9,  6, 10,  3,  4,  0,  5, 14,  3 },
  /* table S[4] */
  {  7, 13, 13,  8, 14, 11,  3,  5,  0,  6,  6, 15,  9,  0, 10,  3,
     1,  4,  2,  7,  8,  2,  5, 12, 11,  1, 12, 10,  4, 14, 15,  9,
    10,  3,  6, 15,  9,  0,  0,  6, 12, 10, 11,  1,  7, 13, 13,  8,
    15,  9,  1,  4,  3,  5, 14, 11,  5, 12,  2,  7,  8,  2,  4, 14 },
  /* table S[5] */
  { 10, 13,  0,  7,  9,  0, 14,  9,  6,  3,  3,  4, 15,  6,  5, 10,
     1,  2, 13,  8, 12,  5,  7, 14, 11, 12,  4, 11,  2, 15,  8,  1,
    13,  1,  6, 10,  4, 13,  9,  0,  8,  6, 15,  9,  3,  8,  0,  7,
    11,  4,  1, 15,  2, 14, 12,  3,  5, 11, 10,  5, 14,  2,  7, 12 },
  /* table S[6] */
  { 15,  3,  1, 13,  8,  4, 14,  7,  6, 15, 11,  2,  3,  8,  4, 14,
     9, 12,  7,  0,  2,  1, 13, 10, 12,  6,  0,  9,  5, 11, 10,  5,
     0, 13, 14,  8,  7, 10, 11,  1, 10,  3,  4, 15, 13,  4,  1,  2,
     5, 11,  8,  6, 12,  7,  6, 12,  9,  0,  3,  5,  2, 14, 15,  9 },
  /* table S[7] */
  { 14,  0,  4, 15, 13,  7,  1,  4,  2, 14, 15,  2, 11, 13,  8,  1,
     3, 10, 10,  6,  6, 12, 12, 11,  5,  9,  9,  5,  0,  3,  7,  8,
     4, 15,  1, 12, 14,  8,  8,  2, 13,  4,  6,  9,  2,  1, 11,  7,
    15,  5, 12, 11,  9,  3,  7, 14,  3, 10, 10,  0,  5,  6,  0, 13 }
};

/**************************************************************************
 *  DES CODE
 **************************************************************************/

/*
 *  EncryptDES: Encrypt a block using DES. Set verbose for debugging info.
 *  (This loop does both loops on the "DES Encryption" page of the flowchart.)
 */
void EncryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose) {
  int i,round;
  bool R[32], L[32], fout[32];
  bool roundKey[56];

  EnableDumpBin = verbose;                   /* set debugging on/off flag */
  DumpBin("input(left)", inBlk+32, 32);
  DumpBin("input(right)", inBlk, 32);
  DumpBin("raw key(left )", key+28, 28);
  DumpBin("raw key(right)", key, 28);

  /* Compute the first roundkey by performing PC1 */
  ComputeRoundKey(roundKey, key);

  DumpBin("roundKey(L)", roundKey+28, 28);
  DumpBin("roundKey(R)", roundKey, 28);

  /* Compute the initial permutation and divide the result into L and R */
  ComputeIP(L,R,inBlk);

  DumpBin("after IP(L)", L, 32);
  DumpBin("after IP(R)", R, 32);

  for (round = 0; round < 16; round++) {
    if (verbose)
      printf("BEGIN ENCRYPT ROUND %d\n", round);
    DumpBin("round start(L)", L, 32);
    DumpBin("round start(R)", R, 32);

    /* Rotate roundKey halves left once or twice (depending on round) */
    RotateRoundKeyLeft(roundKey);
    if (round != 0 && round != 1 && round != 8 && round != 15)
      RotateRoundKeyLeft(roundKey);
    DumpBin("roundKey(L)", roundKey+28, 28);
    DumpBin("roundKey(R)", roundKey, 28);

    /* Compute f(R, roundKey) and exclusive-OR onto the value in L */
    ComputeF(fout, R, roundKey);
    DumpBin("f(R,key)", fout, 32);
    for (i = 0; i < 32; i++)
      L[i] ^= fout[i];
    DumpBin("L^f(R,key)", L, 32);

    Exchange_L_and_R(L,R);

    DumpBin("round end(L)", L, 32);
    DumpBin("round end(R)", R, 32);
    if (verbose)
      printf("END ROUND %d\n", round);
  }

  Exchange_L_and_R(L,R);

  /* Combine L and R then compute the final permutation */
  ComputeFP(outBlk,L,R);
  DumpBin("FP out( left)", outBlk+32, 32);
  DumpBin("FP out(right)", outBlk, 32);
}


/*
 *  DecryptDES: Decrypt a block using DES. Set verbose for debugging info.
 *  (This loop does both loops on the "DES Decryption" page of the flowchart.)
 */
void DecryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose) {
  int i,round;
  bool R[32], L[32], fout[32];
  bool roundKey[56];

  EnableDumpBin = verbose;                   /* set debugging on/off flag */
  DumpBin("input(left)", inBlk+32, 32);
  DumpBin("input(right)", inBlk, 32);
  DumpBin("raw key(left )", key+28, 28);
  DumpBin("raw key(right)", key, 28);

  /* Compute the first roundkey by performing PC1 */
  ComputeRoundKey(roundKey, key);

  DumpBin("roundKey(L)", roundKey+28, 28);
  DumpBin("roundKey(R)", roundKey, 28);

  /* Compute the initial permutation and divide the result into L and R */
  ComputeIP(L,R,inBlk);

  DumpBin("after IP(L)", L, 32);
  DumpBin("after IP(R)", R, 32);

  for (round = 0; round < 16; round++) {
    if (verbose)
      printf("BEGIN DECRYPT ROUND %d\n", round);
    DumpBin("round start(L)", L, 32);
    DumpBin("round start(R)", R, 32);

    /* Compute f(R, roundKey) and exclusive-OR onto the value in L */
    ComputeF(fout, R, roundKey);
    DumpBin("f(R,key)", fout, 32);
    for (i = 0; i < 32; i++)
      L[i] ^= fout[i];
    DumpBin("L^f(R,key)", L, 32);

    Exchange_L_and_R(L,R);

    /* Rotate roundKey halves right once or twice (depending on round) */
    DumpBin("roundKey(L)", roundKey+28, 28);  /* show keys before shift */
    DumpBin("roundKey(R)", roundKey, 28);
    RotateRoundKeyRight(roundKey);
    if (round != 0 && round != 7 && round != 14 && round != 15)
      RotateRoundKeyRight(roundKey);

    DumpBin("round end(L)", L, 32);
    DumpBin("round end(R)", R, 32);
    if (verbose)
      printf("END ROUND %d\n", round);
  }

  Exchange_L_and_R(L,R);

  /* Combine L and R then compute the final permutation */
  ComputeFP(outBlk,L,R);
  DumpBin("FP out( left)", outBlk+32, 32);
  DumpBin("FP out(right)", outBlk, 32);
}


/*
 *  ComputeRoundKey: Compute PC1 on the key and store the result in roundKey
 */
static void ComputeRoundKey(bool roundKey[56], bool key[56]) {
  int i;

  for (i = 0; i < 56; i++)
    roundKey[table_DES_PC1[i]] = key[i];
}

/*
 *  RotateRoundKeyLeft: Rotate each of the halves of roundKey left one bit
 */
static void RotateRoundKeyLeft(bool roundKey[56]) {
  bool temp1, temp2;
  int i;

  temp1 = roundKey[27];
  temp2 = roundKey[55];
  for (i = 27; i >= 1; i--) {
    roundKey[i] = roundKey[i-1];
    roundKey[i+28] = roundKey[i+28-1];
  }
  roundKey[ 0] = temp1;
  roundKey[28] = temp2;
}


•*  • Rota t eRoundKeyRi gh t :  Rotate  each  of  the  halves  of  roundKey  right  one  bit 

•  */ 

static  void  Rot  a t e RoundKey R i g h t C boo  I  roundKey C 56 1 )  { 

••bool  tempi,  temp2; 


  int i;

  temp1 = roundKey[0];
  temp2 = roundKey[28];
  for (i = 0; i < 27; i++) {
    roundKey[i] = roundKey[i+1];
    roundKey[i+28] = roundKey[i+28+1];
  }
  roundKey[27] = temp1;
  roundKey[55] = temp2;
}


/*
 *  ComputeIP: Compute the initial permutation and split into L and R halves.
 */
static void ComputeIP(bool L[32], bool R[32], bool inBlk[64]) {
  bool output[64];
  int i;

  /* Permute
   */
  for (i = 63; i >= 0; i--)
    output[table_DES_IP[i]] = inBlk[i];

  /* Split into R and L.  Bits 63..32 go in L, bits 31..0 go in R.
   */
  for (i = 63; i >= 0; i--) {
    if (i >= 32)
      L[i-32] = output[i];
    else
      R[i] = output[i];
  }
}


/*
 *  ComputeFP: Combine the L and R halves and do the final permutation
 */
static void ComputeFP(bool outBlk[64], bool L[32], bool R[32]) {
  bool input[64];
  int i;

  /* Combine L and R into input[64]
   */
  for (i = 63; i >= 0; i--)
    input[i] = (i >= 32) ? L[i - 32] : R[i];

  /* Permute
   */
  for (i = 63; i >= 0; i--)
    outBlk[table_DES_FP[i]] = input[i];
}


/*
 *  ComputeF: Compute the DES f function and store the result in fout
 */
static void ComputeF(bool fout[32], bool R[32], bool roundKey[56]) {
  bool expandedBlock[48], subkey[48], sout[32];
  int i,k;

  /* Expand R into 48 bits using the E expansion */
  ComputeExpansionE(expandedBlock, R);
  DumpBin("expanded E", expandedBlock, 48);

  /* Convert the roundKey into the subkey using PC2 */
  ComputePC2(subkey, roundKey);
  DumpBin("subkey", subkey, 48);

  /* XOR the subkey onto the expanded block */
  for (i = 0; i < 48; i++)
    expandedBlock[i] ^= subkey[i];

  /* Divide expandedBlock into 6-bit chunks and do S table lookups */
  for (k = 0; k < 8; k++)
    ComputeS_Lookup(k, sout+4*k, expandedBlock+6*k);

  /* To complete the f() calculation, do permutation P on the S table output */
  ComputeP(fout, sout);
}

/*
 *  ComputeP: Compute the P permutation on the S table outputs
 */
static void ComputeP(bool output[32], bool input[32]) {
  int i;

  for (i = 0; i < 32; i++)
    output[table_DES_P[i]] = input[i];
}


/*
 *  Look up a 6-bit input in S table k and store the result as a 4-bit output
 */
static void ComputeS_Lookup(int k, bool output[4], bool input[6]) {
  int inputValue, outputValue;

  /* Convert the input bits into an integer */
  inputValue = input[0] + 2*input[1] + 4*input[2] + 8*input[3] +
          16*input[4] + 32*input[5];

  /* Do the S table lookup */
  outputValue = table_DES_S[k][inputValue];

  /* Convert the result into binary form */
  output[0] = (outputValue & 1) ? 1 : 0;
  output[1] = (outputValue & 2) ? 1 : 0;
  output[2] = (outputValue & 4) ? 1 : 0;
  output[3] = (outputValue & 8) ? 1 : 0;
}


/*
 *  ComputePC2: Map a 56-bit round key onto a 48-bit subkey
 */
static void ComputePC2(bool subkey[48], bool roundKey[56]) {
  int i;

  for (i = 0; i < 48; i++)
    subkey[i] = roundKey[table_DES_PC2[i]];
}


/*
 *  ComputeExpansionE: Compute the E expansion to prepare to use S tables
 */
static void ComputeExpansionE(bool expandedBlock[48], bool R[32]) {
  int i;

  for (i = 0; i < 48; i++)
    expandedBlock[i] = R[table_DES_E[i]];
}
/*
 *  Exchange_L_and_R:  Swap L and R
 */
static void Exchange_L_and_R(bool L[32], bool R[32]) {
  int i;

  for (i = 0; i < 32; i++) {
    /* exchanges L[i] and R[i]; a plain swap is used because the chained
       form L[i] ^= R[i] ^= L[i] ^= R[i] is undefined behaviour in C */
    bool t = L[i];
    L[i] = R[i];
    R[i] = t;
  }
}


/*
 *  DumpBin: Display intermediate values if EnableDumpBin is set.
 */
static void DumpBin(char *str, bool *b, int bits) {
  int i;

  if ((bits % 4)!=0 || bits>48) {
    printf("Bad call to DumpBin (bits > 48 or bit len not a multiple of 4\n");
    exit(1);
  }

  if (EnableDumpBin) {
    for (i = strlen(str); i < 14; i++)
      printf(" ");
    printf("%s: ", str);
    for (i = bits-1; i >= 0; i--)
      printf("%d", b[i]);
    printf(" ");
    for (i = bits; i < 48; i++)
      printf(" ");
    printf("(");
    for (i = bits-4; i >= 0; i-=4)
      printf("%X", b[i]+2*b[i+1]+4*b[i+2]+8*b[i+3]);
    printf(")\n");
  }
}

typedef char bool;
void EncryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);
void DecryptDES(bool key[56], bool outBlk[64], bool inBlk[64], int verbose);

XOR  MASK 
Ciphertext 0
Ciphertext  1 
Plaintext  byte  mask 
use  CBC 
extra  XOR 

don't  seed  PRNG  (use  this  input  file) 
starting  key 
number  of  clocks 



FFFFFFFFFFFFFFFF 


01020304050607 
1 0000  
d6f4f1  5

8ec7a2  8 

f39ec4  0 

fc10d0  1 

2e6a3f  0 

8b8c19  0 

a  1  ed5e  0 

89d84f  0 

ad5b0d  1 

C416114B9D1D2D9B2550DF690FA75E798CC26203B1D79EB346229EDADE314B483321AA44BA4233I 
899568FDF85C1A9DEF1DE864EB2EAB4E52D7E075ADAA992D85DBAC85DD3A9A32 
000000000000000  • • • •  XOR  MASK 

'  Ciphertext  0 

1  Ciphertext  1 

'  Plaintext  byte  mask 

'  use  CBC 

■  extra  XOR 

1  don't  seed  PRNG  (use  this  input  file) 

1  starting  key 

•'  number  of  clocks 


23456789ABCDEF0 
102030405060708 


010203040505D5 

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include "des.h"
#include "misc.h"

#define VERBOSE

void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *quickStart, unsigned char startKey[7], long *numClocks);
void increment32(unsigned char *v);
void decrement32(unsigned char *v);
void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]);
void printHexString(char *tag, unsigned char *data, int len);
/* Print s literally (never as a format string) and exit */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }
int hex2bin(char *hex, unsigned char *bin);


void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *quickStart, unsigned char startKey[7], long *numClocks) {
  char buffer[1024];
  unsigned char tmp[512];
  int i;

#ifdef VERBOSE
  printf("Enter plaintextVector values: ");
#endif
  /* fgets bounds the read to the buffer size; gets() cannot limit input length.
     hex2bin skips the trailing newline because it is below '0'. */
  fgets(buffer, sizeof(buffer), stdin);
  i = hex2bin(buffer, tmp);
  if (i <= 0 || i >= 256)
    EXIT_ERR("Must have at least 1 plaintextVector entry and at most 255.\n");
  memset(plaintextVector, 0, 32);
  while (i--)
    plaintextVector[tmp[i]/8] |= (128 >> (tmp[i] % 8));

#ifdef VERBOSE
  printf("Enter plaintext xor mask: ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 plaintext xor mask bytes.");
  memcpy(plaintextXorMask, tmp, 8);

#ifdef VERBOSE
  printf("Enter ciphertext 0: ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 0.");
  memcpy(ciphertext0, tmp, 8);

#ifdef VERBOSE
  printf("Enter ciphertext 1: ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 1.");
  memcpy(ciphertext1, tmp, 8);

#ifdef VERBOSE
  printf("Enter plaintext byte mask: ");
#endif
  fgets(buffer, sizeof(buffer), stdin);   /* bounded read in place of gets() */
  i = hex2bin(buffer, tmp);
  if (i != 1)
    EXIT_ERR("Plaintext byte mask is 1 byte long.");
  *plaintextByteMask = tmp[0];

#ifdef VERBOSE
  printf("Enter useCBC (0 or 1): ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for useCBC.");
  *useCBC = tmp[0];

#ifdef VERBOSE
  printf("Enter extraXor (0 or 1): ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for extraXor.");
  *extraXor = tmp[0];

#ifdef VERBOSE
  printf("Enter quickStart (0 or 1): ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for quickStart\n");
  *quickStart = tmp[0];

#ifdef VERBOSE
  printf("Enter starting key: ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  if (hex2bin(buffer, tmp) != 7)
    EXIT_ERR("Must enter 7 hex bytes as the key.\n");
  memcpy(startKey, tmp, 7);

#ifdef VERBOSE
  printf("Enter number of clocks: ");
#endif
  fgets(buffer, sizeof(buffer), stdin);
  sscanf(buffer, "%ld", numClocks);
  if (*numClocks < 1 || *numClocks > 1000000000L)
    EXIT_ERR("Must have between 1 and 1 billion clocks.\n");

#ifdef VERBOSE
  printHexString("\n  PtxtVector = ", plaintextVector, 32);
  printHexString(" PtxtXorMask = ", plaintextXorMask, 8);
  printHexString("Ciphertext 0 = ", ciphertext0, 8);
  printHexString("Ciphertext 1 = ", ciphertext1, 8);
  printHexString("PtxtByteMask = ", plaintextByteMask, 1);
  printf(        "      useCBC = %d\n", *useCBC);
  printf(        "    extraXor = %d\n", *extraXor);
  printf(        "  quickStart = %d\n", *quickStart);
  printHexString("Starting key = ", startKey, 7);
  printf(        "Total clocks = %ld\n\n", *numClocks);
#endif
}


void increment32(unsigned char *v) {
  if ((++(v[3])) == 0)
    if ((++(v[2])) == 0)
      if ((++(v[1])) == 0)
        ++v[0];
}

void decrement32(unsigned char *v) {
  if (((v[3])--) == 0)
    if (((v[2])--) == 0)
      if (((v[1])--) == 0)
        v[0]--;
}


void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]) {
  bool key[56], message[64];
  int i;

//  printf("DES_DECRYPT(k = "); for (i=0; i<7;i++) printf("%02X",k[i]);    //!!!
//  printf(", c="); for (i=0; i<8;i++) printf("%02X",c[i]);                //!!!

  /* Unpack the 7 key bytes and 8 ciphertext bytes into one bool per bit */
  for (i = 0; i < 56; i++)
    key[55-i] = ((k[i/8] << (i & 7)) & 128) ? 1 : 0;
  for (i = 0; i < 64; i++)
    message[63-i] = ((c[i/8] << (i & 7)) & 128) ? 1 : 0;
  DecryptDES(key, message, message, 0);
  /* Pack the decrypted bits back into 8 bytes */
  for (i = 0; i < 8; i++)
    m[i] = 0;
  for (i = 0; i < 64; i++)
    if (message[63-i])
      m[i/8] |= 128 >> (i%8);

//  printf(") = "); for (i=0; i<8;i++) printf("%02X",m[i]); printf("\n");  //!!!
}


int unhex(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')
    return (c - 'A' + 10);
  return (-1);
}


int hex2bin(char *hex, unsigned char *bin) {
  int i = 0;
  int j = 0;

  /* Trim string if comments present */
  if (strchr(hex, '#') != NULL)
    *strchr(hex, '#') = 0;
  if (strchr(hex, '*') != NULL)
    *strchr(hex, '*') = 0;
  if (strchr(hex, '\'') != NULL)
    *strchr(hex, '\'') = 0;

  for (i = 0; i < strlen(hex); i++) {
    if (hex[i] >= '0' && unhex(hex[i]) < 0)
      EXIT_ERR("Bad hex digit encountered.\n");
  }

  for (i = 0; i < strlen(hex); i++) {
    if (hex[i] < '0')
      continue;
    if (hex[i] >= '0' && hex[i+1] >= '0') {
      bin[j++] = unhex(hex[i])*16+unhex(hex[i+1]);
      i++;    // skip one
      continue;
    }
    if (hex[i] >= '0') {
      bin[j++] = unhex(hex[i]);
    }
  }
  return (j);
}

Page 4 of misc.c

void printHexString(char *tag, unsigned char *data, int len) {
  int i;

  printf("%s", tag);
  for (i = 0; i < len; i++)
    printf("%02X", data[i]);
  printf("\n");
}

Page 1 of misc.h

void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *quickStart, unsigned char startKey[7], long *numClocks);
void increment32(unsigned char *v);
void decrement32(unsigned char *v);
void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]);
void printHexString(char *tag, unsigned char *data, int len);
int hex2bin(char *hex, unsigned char *bin);

Page 1 of random.scr

XOR MASK
Ciphertext 0
Ciphertext 1
Plaintext byte mask
use CBC
extra XOR

random vector (0=seed with timer, 1=use input, >1=seed)
starting key
number of clocks

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include "des.h"
#include "misc.h"

#define CLOCKS_PER_DES 18

int plaintextMatch(unsigned char plaintextVector[32], unsigned char m[8],
        unsigned char plaintextByteMask, int ciphertext, unsigned char key[7]);
void checkKey(unsigned char key[7], unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char plaintextByteMask, int useCBC, int extraXor);

int main(void) {
  unsigned char startKey[7], plaintextVector[32];
  unsigned char plaintextXorMask[8];
  unsigned char ciphertext0[8];
  unsigned char ciphertext1[8];
  unsigned char plaintextByteMask;
  int useCBC, extraXor, quickStart;
  int i,j;
  long numClocks;
  unsigned char key[7];

  GetUserInfo(plaintextVector, plaintextXorMask, ciphertext0, ciphertext1,
          &plaintextByteMask, &useCBC, &extraXor, &quickStart, startKey,
          &numClocks);

  for (i = 0; i < numClocks; i += CLOCKS_PER_DES) {
    for (j = 0; j < 24; j++) {
      /* key and startKey are both 7 bytes; copying 8 would run one byte
         past the end of each array */
      memcpy(key, startKey, 7);
      key[0] += j;
      checkKey(key, plaintextVector, plaintextXorMask, ciphertext0,
              ciphertext1, plaintextByteMask, useCBC, extraXor);
    }
    increment32(startKey+3);
  }
  return 0;
}

void checkKey(unsigned char key[7], unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char plaintextByteMask, int useCBC, int extraXor) {
  unsigned char m[8];
  int i;

  desDecrypt(m, ciphertext0, key);
  printf("DES_decrypt(K="); for (i = 0; i < 7; i++) printf("%02X", key[i]);
  printf(", C0="); for (i = 0; i < 8; i++) printf("%02X", ciphertext0[i]);
  printf(") -> "); for (i = 0; i < 8; i++) printf("%02X", m[i]); printf("\n");
  if (extraXor) {
    m[0] ^= m[4];
    m[1] ^= m[5];
    m[2] ^= m[6];
    m[3] ^= m[7];
  }
  for (i = 0; i < 8; i++)
    m[i] ^= plaintextXorMask[i];

  if (plaintextMatch(plaintextVector, m, plaintextByteMask, 0, key)) {
    desDecrypt(m, ciphertext1, key);
    printf("DES_decrypt(K="); for (i = 0; i < 7; i++) printf("%02X", key[i]);
    printf(", C1="); for (i = 0; i < 8; i++) printf("%02X", ciphertext1[i]);
    printf(") -> "); for (i = 0; i < 8; i++) printf("%02X", m[i]); printf("\n");
    if (extraXor) {
      m[0] ^= m[4];
      m[1] ^= m[5];
      m[2] ^= m[6];
      m[3] ^= m[7];
    }
    if (useCBC) {
      for (i = 0; i < 8; i++)
        m[i] ^= ciphertext0[i];
    }
    if (plaintextMatch(plaintextVector, m, plaintextByteMask, 1, key)) {
      printf("VALID MATCH\n");
      fprintf(stderr, "Match found at key =");
      for (i = 0; i < 7; i++)
        fprintf(stderr, "%02X", key[i]);
      fprintf(stderr, "\n");
    }
  }
}

int plaintextMatch(unsigned char plaintextVector[32], unsigned char m[8],
        unsigned char plaintextByteMask, int ciphertext, unsigned char key[7]) {
  int i;

  for (i = 0; i < 8; i++) {
    /* Test the mask bit for nonzero: comparing against 1 would only ever
       be true for i == 7, so the other mask bits would be ignored */
    if ((plaintextByteMask & (128>>i)) != 0)
      continue;    /* this byte is skipped */
    if (plaintextVector[m[i]/8] & (128 >> (m[i]%8)))
      continue;
    return (0);   /* no match */
  }

  printf("Match of C%d with key ", ciphertext);
  for (i = 0; i < 7; i++)
    printf("%02X", key[i]);
  printf(" = ");
  for (i = 0; i < 8; i++)
    printf("%02X", m[i]);
  printf("\n");

  fprintf(stderr, "Match of C%d with key ", ciphertext);
  for (i = 0; i < 7; i++)
    fprintf(stderr, "%02X", key[i]);
  fprintf(stderr, " = ");
  for (i = 0; i < 8; i++)
    fprintf(stderr, "%02X", m[i]);
  fprintf(stderr, "\n");

  return (1);
}

/*
 *  Software Simulator for DES keysearch ASIC
 *
 *  Written 1998 by Cryptography Research (http://www.cryptography.com)
 *  and Paul Kocher for the Electronic Frontier Foundation (EFF).
 *  Placed in the public domain by Cryptography Research and EFF.
 *  THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK
 *
 *  IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM
 *
 *  REVISION HISTORY
 *
 *  Version 1.0:  Initial version.
 *  Version 1.1:  Initial release by Cryptography Research to EFF.
 *                (Fixed byte/bit ordering notation to match VHDL.)
 */

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include "des.h"
#include "sim.h"

#define DEBUG

long getClockCounter(void);
int peekState(int addr);
int RunChip(char *input, FILE *outfile, int useRaw);

/* Print s literally (never as a format string) and exit */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }
static void parseInput(char *input, int *reset, int *boardEn, int *ale,
        int *adrsel1, int *web, int *rdb, int *adrsel2, int *allactIn,
        int *addr, int *chipId, int *data);
static int unhex(char c);
static void RunClock(void);
static void desDecrypt(unsigned char m[8], unsigned char c[8],
        unsigned char k[7]);
static void increment32(unsigned char *num);
static void decrement32(unsigned char *num);
static void printKeyInfo(FILE *outDev, char *preamble, int searchUnit);

static unsigned char ALLACTIVE_IN = 1;        /* not held between calls */
unsigned char ALLACTIVE_OUT = 0;

unsigned char STATE[256];
unsigned char SELECTED_CHIP;
unsigned long CLOCK_COUNTER = 1;
int DES_POSITION;
unsigned char WORKING_CTXT[24*8];             /* last DES input */
unsigned char WORKING_PTXT[24*8];             /* last DES out (for ptxt check) */
unsigned char RAW_DES_OUT[24*8];              /* raw DES outputs */
int WORKING_KDELTA[24];                       /* key delta (-1, 0, or +1) */
unsigned char WORKING_LAST_SELECTOR[24];      /* last ciphertext selector */
unsigned char WORKING_NEXT_SELECTOR[24];      /* next ciphertext selector */
int STARTUP_DELAY[24];                        /* startup delay */
unsigned char THIS_KEY[24*7];                 /* current DES key */
unsigned char NEXT_KEY[24*7];                 /* next DES key */
int PENDING_UPDATE_ADDR1 = -1, PENDING_UPDATE_DATA1 = -1;
int PENDING_UPDATE_ADDR2 = -1, PENDING_UPDATE_DATA2 = -1;
int PENDING_UPDATE_ADDR3 = -1, PENDING_UPDATE_DATA3 = -1;
unsigned char MATCH[24];


static void resetChip(void) {
  memset(STATE, 0, sizeof(STATE));            /* RESET */
  SELECTED_CHIP = 0;
  DES_POSITION = 13;
  memset(WORKING_CTXT, 0, sizeof(WORKING_CTXT));
  memset(WORKING_PTXT, 0, sizeof(WORKING_PTXT));
  memset(RAW_DES_OUT, 0, sizeof(RAW_DES_OUT));
  memset(WORKING_KDELTA, 0, sizeof(WORKING_KDELTA));
  memset(WORKING_LAST_SELECTOR, 1, sizeof(WORKING_LAST_SELECTOR));
  memset(WORKING_NEXT_SELECTOR, 1, sizeof(WORKING_NEXT_SELECTOR));
  memset(STARTUP_DELAY, 0, sizeof(STARTUP_DELAY));
  memset(THIS_KEY, 0, sizeof(THIS_KEY));
  memset(NEXT_KEY, 0, sizeof(NEXT_KEY));
  PENDING_UPDATE_ADDR1 = -1;
  PENDING_UPDATE_ADDR2 = -1;
  PENDING_UPDATE_ADDR3 = -1;
  memset(MATCH, 0, sizeof(MATCH));
}


long getClockCounter(void) {
  return (CLOCK_COUNTER);
}


int peekState(int addr) {
  return (STATE[addr]);
}

int RunChip(char *input, FILE *outfile, int useRaw) {
  int reset,boardEn,ale,adrsel1,web,rdb,adrsel2,allactiveIn,addr,chipId,data;
  int dataOut;
  int i,j;

  parseInput(input, &reset, &boardEn, &ale, &adrsel1, &web, &rdb, &adrsel2,
          &allactiveIn, &addr, &chipId, &data);
  ALLACTIVE_IN = (unsigned char)allactiveIn;

  dataOut = data;                                  /* default */
  if (reset == 0) {                                /* reset? */
    resetChip();
    RunClock();
  } else if (boardEn == 0) {                       /* board disabled? */
    RunClock();
  } else if (ale == 1) {                           /* select chip/board */
    RunClock();
    if (adrsel1 == 1)
      SELECTED_CHIP = (unsigned char)addr;
    else
      { /* board select done off-chip */ }
  } else if (chipId != SELECTED_CHIP) {            /* chipId not ours? */
    RunClock();
  } else if (web == 0) {                           /* writing register? */
    RunClock();
    if (addr >= REG_SEARCH_KEY(0)) {
      PENDING_UPDATE_ADDR2 = addr;                 /* key */
      PENDING_UPDATE_DATA2 = data;
      if (((addr & 7) == 7) && (data & 1) && ((STATE[addr] & 1) == 0)) {
        if (CLOCK_COUNTER < 750)
          STARTUP_DELAY[(addr - 0x47) / 8] = 21;   /* adjust? */
        else {
          STARTUP_DELAY[(addr - 0x47) / 8] = 2*CLOCKS_PER_DES - DES_POSITION;
          if (DES_POSITION >= 15)
            STARTUP_DELAY[(addr - 0x47) / 8] += CLOCKS_PER_DES;
#if 0             /* uncomment for debugging message on halts */
          fprintf(stderr,"Startup with DES_POSITION=%d in unit %d, delay=%d\n",
                  DES_POSITION, (addr-0x47)/8, STARTUP_DELAY[(addr - 0x47) / 8]);
#endif
        }
      }
    } else {
      PENDING_UPDATE_ADDR2 = addr;                 /* other reg */
      PENDING_UPDATE_DATA2 = data;
    }


  } else if (rdb == 0) {                             /* read a register */
    dataOut = STATE[addr];
    RunClock();
  } else {
    RunClock();
  }

  if (CLOCK_COUNTER >= 2) {
    if (useRaw) {
      fprintf(outfile, "%02X %d\n", dataOut, ALLACTIVE_OUT);
    } else {
      fprintf(outfile, " (Addr: %02X) (Exp: 00) (Get: %02X) at Cycle:%ld\n",
              addr, dataOut, CLOCK_COUNTER);
      for (i = 0; i < 24; i++) {
        for (j = 6; j >= 0; j--)
          fprintf(outfile, "%02X", STATE[REG_SEARCH_KEY(i)+j]);
        fprintf(outfile, " ");
        if (CLOCK_COUNTER < 22)
          fprintf(outfile, "0000000000000000");
        else if (CLOCK_COUNTER <= 37)
          fprintf(outfile, "094CCE83D677160F");
        else {
          for (j = 7; j >= 0; j--)
            fprintf(outfile, "%02X", RAW_DES_OUT[8*i+j]);
        }
#if 0              /* uncomment to print information about the MATCH */
        static int latch[24] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,
                                0,0,0,0,0,0,0,0,0,0};
        if (DES_POSITION == 10) latch[i] = MATCH[i];
        fprintf(outfile, " %d", latch[i]);
#endif
#if 0              /* uncomment to print information about NEXT_SELECTOR */
        static int latch[24] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,
                                1,1,1,1,1,1,1,1,1,1};
        if (DES_POSITION == 15) latch[i] = WORKING_NEXT_SELECTOR[i];
        fprintf(outfile, "%d", latch[i]);
#endif
        fprintf(outfile, " : Unit%d\n", i);
      }
      fprintf(outfile, "\n");
    }
  }

  CLOCK_COUNTER++;
  return (dataOut);
}


static void parseInput(char *input, int *reset, int *boardEn, int *ale,
        int *adrsel1, int *web, int *rdb, int *adrsel2, int *allactIn,
        int *addr, int *chipId, int *data) {
  int i;

  if (strlen(input) < 17 || input[8] != ' ' || input[11] != ' ' ||
          input[14] != ' ')
    EXIT_ERR("Bad input.\n");
  for (i = 0; i < 8; i++) {
    if (input[i] != '0' && input[i] != '1')
      EXIT_ERR("Bad input (first 8 digits must be binary.)\n");
  }
  if (unhex(input[9]) < 0 || unhex(input[10]) < 0 ||
      unhex(input[12]) < 0 || unhex(input[13]) < 0 ||
      unhex(input[15]) < 0 || unhex(input[16]) < 0) {
    EXIT_ERR("Bad input (addr, chipId, data must be hex)");
  }

  *reset    = input[0]-'0';
  *boardEn  = input[1]-'0';
  *ale      = input[2]-'0';
  *adrsel1  = input[3]-'0';


  *web      = input[4]-'0';
  *rdb      = input[5]-'0';
  *adrsel2  = input[6]-'0';
  *allactIn = input[7]-'0';
  *addr     = 16*unhex(input[9]) + unhex(input[10]);
  *chipId   = 16*unhex(input[12]) + unhex(input[13]);
  *data     = 16*unhex(input[15]) + unhex(input[16]);
}


/* Decodes a hex char or returns -1 if bad */
static int unhex(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')
    return (c - 'A' + 10);
  return (-1);
}



/*
 *  Run the system for one clock cycle and update the state.
 */
void RunClock(void) {
  int i,j,k,b;
  unsigned char key[7], m[8], c[8];

  for (i = 0; i < 24; i++) {
    if (STARTUP_DELAY[i] > 0) {
      STARTUP_DELAY[i]--;
      if (STARTUP_DELAY[i] == 0)
        STARTUP_DELAY[i] = -1;          /* prevent stop if 1st C0=match */
    }
  }

  /* DES CLOCK 5: Plaintext vector result from last DES is ready. */
  if (DES_POSITION == 5) {
    for (i = 0; i < 24; i++) {                    /* i = search engine */
      k = 0;                              /* k = result of byte lookups */
      for (j = 0; j < 8; j++) {                        /* j = byte idx */
        b = WORKING_PTXT[8*i+j];                     /* b = byte value */
        if (STATE[b/8] & (1 << (b%8)))       /* check plaintext vector */
          k = (k >> 1) | 128;               /* match = load 1 in k msb */
        else                                               /* no match */
          k = (k >> 1) | 0;                           /* load 0 into k */
      }
      k |= STATE[REG_PTXT_BYTE_MASK];      /* set bits where bytemask=1 */
      MATCH[i] = (unsigned char)((k == 255) ? 1 : 0);

      if ((STATE[REG_SEARCH_STATUS(i)] & 1) == 0 || STARTUP_DELAY[i] > 0) {
        /* If search not active, key delta = 0 and do C0 next */
        WORKING_KDELTA[i] = 0;
        WORKING_NEXT_SELECTOR[i] = 1;
      } else if (k != 0xFF || (STATE[REG_SEARCH_STATUS(i)] & 2) ||
                 STARTUP_DELAY[i] < 0) {
        /* If no match or CURRENTLY doing C1 or first DES result,
         *     key delta = 1 and do C0 next.
         */
        WORKING_KDELTA[i] = 1;
        WORKING_NEXT_SELECTOR[i] = 0;
        if (k == 0xFF)
          printKeyInfo(stderr, "ALERT: Skip match while doing C1 ", i);
        if (k == 0xFF && STARTUP_DELAY[i] < 0)
          printKeyInfo(stderr, "ALERT:    (C1 above is startup phantom.) ", i);
      } else if (WORKING_LAST_SELECTOR[i] == 0) {
        /* If doing C0 and got a match from C0, back up and do C1 */
        WORKING_KDELTA[i] = -1;
        WORKING_NEXT_SELECTOR[i] = 1;
        printKeyInfo(stderr, "ALERT: Match C0; will backup for C1 ", i);


      } else {
        /* If doing C0 and got a match from C1, halt */
        STATE[REG_SEARCH_STATUS(i)] &= (255-1);
        WORKING_KDELTA[i] = 0;
        WORKING_NEXT_SELECTOR[i] = 1;
        printKeyInfo(stderr, "ALERT: Matched C1; halting ", i);
      }
      if (STARTUP_DELAY[i] < 0)
        STARTUP_DELAY[i]++;
    }
  }

  if (DES_POSITION == 15) {
    for (i = 0; i < 24; i++) {
      memcpy(THIS_KEY+i*7, NEXT_KEY+i*7, 7);
      memcpy(NEXT_KEY+i*7, STATE+REG_SEARCH_KEY(i), 7);
    }
  }

  /* END OF DES CYCLE: Extract results */
  if (DES_POSITION == CLOCKS_PER_DES-1) {
    for (i = 0; i < 24; i++) {

      /* Do the DES decryption */
      for (j = 0; j < 7; j++)
        key[j] = THIS_KEY[i*7+(6-j)];
      for (j = 0; j < 8; j++)
        c[j] = WORKING_CTXT[8*i+7-j];
      desDecrypt(m, c, key);
      for (j = 0; j < 8; j++) {
        WORKING_PTXT[8*i+7-j] = m[j];
        RAW_DES_OUT[8*i+7-j] = m[j];
      }

      if (STATE[REG_SEARCHINFO] & 2) {                  /* if extraXOR   */
        WORKING_PTXT[8*i+4] ^= WORKING_PTXT[8*i+0];     /*   L = L xor R */
        WORKING_PTXT[8*i+5] ^= WORKING_PTXT[8*i+1];     /*        "      */
        WORKING_PTXT[8*i+6] ^= WORKING_PTXT[8*i+2];     /*        "      */
        WORKING_PTXT[8*i+7] ^= WORKING_PTXT[8*i+3];     /*        "      */
      }

      if ((STATE[REG_SEARCH_STATUS(i)] & 2) == 0) {           /* if c0, */
        WORKING_PTXT[8*i+0] ^= STATE[REG_PTXT_XOR_MASK+0]; /* do ptxtXorMsk */
        WORKING_PTXT[8*i+1] ^= STATE[REG_PTXT_XOR_MASK+1];
        WORKING_PTXT[8*i+2] ^= STATE[REG_PTXT_XOR_MASK+2];
        WORKING_PTXT[8*i+3] ^= STATE[REG_PTXT_XOR_MASK+3];
        WORKING_PTXT[8*i+4] ^= STATE[REG_PTXT_XOR_MASK+4];
        WORKING_PTXT[8*i+5] ^= STATE[REG_PTXT_XOR_MASK+5];
        WORKING_PTXT[8*i+6] ^= STATE[REG_PTXT_XOR_MASK+6];
        WORKING_PTXT[8*i+7] ^= STATE[REG_PTXT_XOR_MASK+7];
      } else {                                                 /* if c1 */
        if (STATE[REG_SEARCHINFO] & 1) {                   /* if useCBC */
          WORKING_PTXT[8*i+0] ^= STATE[REG_CIPHERTEXT0+0]; /* xor with c0 */
          WORKING_PTXT[8*i+1] ^= STATE[REG_CIPHERTEXT0+1];
          WORKING_PTXT[8*i+2] ^= STATE[REG_CIPHERTEXT0+2];
          WORKING_PTXT[8*i+3] ^= STATE[REG_CIPHERTEXT0+3];
          WORKING_PTXT[8*i+4] ^= STATE[REG_CIPHERTEXT0+4];
          WORKING_PTXT[8*i+5] ^= STATE[REG_CIPHERTEXT0+5];
          WORKING_PTXT[8*i+6] ^= STATE[REG_CIPHERTEXT0+6];
          WORKING_PTXT[8*i+7] ^= STATE[REG_CIPHERTEXT0+7];
        }
      }

      /* Update ciphertext selector (state & last) */
      WORKING_LAST_SELECTOR[i] = (STATE[0x47+8*i] & 2) ? 1 : 0;
      STATE[0x47+8*i] &= 0xFD;                 /* select ciphertext 0   */
      if (WORKING_NEXT_SELECTOR[i])            /* ... unless we want c1 */
        STATE[0x47+8*i] |= 2;                  /* ... then select c1    */
    }
  }

  /* LAST DES CLOCK: Load in the updated key */
  if (DES_POSITION == 14) {

    for (i = 0; i < 24; i++) {
      if (WORKING_KDELTA[i] == 1) {                  /* if key delta = 1 */
        increment32(STATE+REG_SEARCH_KEY(i));
      }
      if (WORKING_KDELTA[i] == -1) {                /* if key delta = -1 */
        decrement32(STATE+REG_SEARCH_KEY(i));
      }
    }
  }

  /* DES CLOCK 0: Latch in new working keys and working ciphertexts */
  if (DES_POSITION == 0) {
    for (i = 0; i < 24; i++) {                     /* i = search engine */
      /* pick between ctxt 0 and ctxt 1? */
      if ((STATE[REG_SEARCH_STATUS(i)] & 2) == 0 && STARTUP_DELAY[i] == 0)
        memcpy(WORKING_CTXT+8*i, STATE+REG_CIPHERTEXT0, 8);  /* copy c0 */
      else
        memcpy(WORKING_CTXT+8*i, STATE+REG_CIPHERTEXT1, 8);  /* copy c1 */
    }
  }

  /* Update ChipAllActive, board all active */
  j = 1;
  for (i = 0; i < 24; i++)
    j &= STATE[0x47+i*8];
  j = (j & 1) ? 1 : 0;
  STATE[REG_SEARCHINFO] &= (255-4);                /* set ChipAllActive */
  STATE[REG_SEARCHINFO] |= (4*j);
  if ((STATE[REG_SEARCHINFO] & 16) == 0) /* If board all active enable = 0 */
    ALLACTIVE_OUT = ALLACTIVE_IN;
  else
    ALLACTIVE_OUT = ALLACTIVE_IN & j;
  STATE[REG_SEARCHINFO] &= (255-8);             /* set board all active */
  STATE[REG_SEARCHINFO] |= (8*ALLACTIVE_OUT);   /* set board all active */

  /* Do any pending updates and update DES cycle position */
  if (PENDING_UPDATE_ADDR1 >= 0)
    STATE[PENDING_UPDATE_ADDR1] = PENDING_UPDATE_DATA1;
  PENDING_UPDATE_ADDR1 = PENDING_UPDATE_ADDR2;
  PENDING_UPDATE_DATA1 = PENDING_UPDATE_DATA2;
  PENDING_UPDATE_ADDR2 = PENDING_UPDATE_ADDR3;
  PENDING_UPDATE_DATA2 = PENDING_UPDATE_DATA3;
  PENDING_UPDATE_ADDR3 = -1;

  DES_POSITION = (DES_POSITION + 1) % CLOCKS_PER_DES;
}



static void desDecrypt(unsigned char m[8], unsigned char c[8],
        unsigned char k[7]) {
  bool key[56], message[64];
  int i;

#ifdef DEBUG
  printf("DES_DECRYPT(k="); for (i=0; i<7;i++) printf("%02X",k[i]);
  printf(", c="); for (i=0; i<8;i++) printf("%02X",c[i]);
#endif

  for (i = 0; i < 56; i++)
    key[55-i] = ((k[i/8] << (i & 7)) & 128) ? 1 : 0;
  for (i = 0; i < 64; i++)
    message[63-i] = ((c[i/8] << (i & 7)) & 128) ? 1 : 0;
  DecryptDES(key, message, message, 0);
  for (i = 0; i < 8; i++)
    m[i] = 0;
  for (i = 0; i < 64; i++)
    if (message[63-i])
      m[i/8] |= 128 >> (i%8);

#ifdef DEBUG
  printf(")=");
  for (i=0; i<8;i++)
    printf("%02X",m[i]);
  printf(", clk=%ld\n", CLOCK_COUNTER);
#endif
}



static void printKeyInfo(FILE *outDev, char *preamble, int searchUnit) {
  /* preamble is printed as data, never used as the format string */
  fprintf(outDev, "%s", preamble);
  fprintf(outDev, "(K=%02X%02X%02X%02X%02X%02X%02X, clk=%ld, searchUnit=%d)\n",
          STATE[0x40+8*searchUnit+6],STATE[0x40+8*searchUnit+5],
          STATE[0x40+8*searchUnit+4],STATE[0x40+8*searchUnit+3],
          STATE[0x40+8*searchUnit+2],STATE[0x40+8*searchUnit+1],
          STATE[0x40+8*searchUnit+0], CLOCK_COUNTER, searchUnit);

  printf("%s", preamble);
  printf("(K=%02X%02X%02X%02X%02X%02X%02X, clk=%ld, searchUnit=%d)\n",
          STATE[0x40+8*searchUnit+6],STATE[0x40+8*searchUnit+5],
          STATE[0x40+8*searchUnit+4],STATE[0x40+8*searchUnit+3],
          STATE[0x40+8*searchUnit+2],STATE[0x40+8*searchUnit+1],
          STATE[0x40+8*searchUnit+0], CLOCK_COUNTER, searchUnit);

}


/* Increment a multi-byte little-endian counter, carrying across bytes 0..3 */
static void increment32(unsigned char *num) {
  if ((++(num[0])) == 0)
    if ((++(num[1])) == 0)
      if ((++(num[2])) == 0)
        ++(num[3]);
}


/* Decrement the same counter, borrowing across bytes 0..3 */
static void decrement32(unsigned char *num) {
  if (((num[0])--) == 0)
    if (((num[1])--) == 0)
      if (((num[2])--) == 0)
        (num[3])--;
}

/******************************************************************************
 * sim.h                                                                      *
 * Header file for sim.c                                                      *
 *                                                                            *
 *   Written 1998 by Cryptography Research (http://www.cryptography.com)     *
 *   and Paul Kocher for the Electronic Frontier Foundation (EFF).           *
 *   Placed in the public domain by Cryptography Research and EFF.           *
 *   THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK. *
 *                                                                            *
 *   IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM. *
 *                                                                            *
 ******************************************************************************
 *                                                                            *
 *   REVISION HISTORY:                                                        *
 *                                                                            *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                            *
 *****************************************************************************/

#define REG_PTXT_VECTOR        (0x00)
#define REG_PTXT_XOR_MASK      (0x20)
#define REG_CIPHERTEXT0        (0x28)
#define REG_CIPHERTEXT1        (0x30)
#define REG_PTXT_BYTE_MASK     (0x38)
#define REG_SEARCHINFO         (0x3F)
#define REG_SEARCH_KEY(x)      (0x40 + 8*(x))
#define REG_SEARCH_STATUS(x)   (0x47+8*(x))
#define CLOCKS_PER_DES         16

int RunChip(char *input, FILE *outfile, int useRaw);
long getClockCounter(void);
int peekState(int reg);              /* runs chip & returns DATA value */

/******************************************************************************
 * testvec.c                                                                  *
 * DES ASIC Simulator, Test Vector Generation Program                         *
 *                                                                            *
 *   Written 1998 by Cryptography Research (http://www.cryptography.com)     *
 *   and Paul Kocher for the Electronic Frontier Foundation (EFF).           *
 *   Placed in the public domain by Cryptography Research and EFF.           *
 *   THIS IS UNSUPPORTED FREE SOFTWARE. USE AND DISTRIBUTE AT YOUR OWN RISK. *
 *                                                                            *
 *   IMPORTANT: U.S. LAW MAY REGULATE THE USE AND/OR EXPORT OF THIS PROGRAM. *
 *                                                                            *
 ******************************************************************************
 *                                                                            *
 *   IMPLEMENTATION NOTES:                                                    *
 *                                                                            *
 *   This program automatically determines the configuration of a search     *
 *   array.  Additional diagnostic code should be added to detect common     *
 *   chip failures (once these are known).                                    *
 *                                                                            *
 ******************************************************************************
 *                                                                            *
 *   REVISION HISTORY:                                                        *
 *                                                                            *
 *   Version 1.0:  Initial release by Cryptography Research to EFF.          *
 *                                                                            *
 *****************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <string.h>
#include <time.h>
#include "sim.h"

int USE_RAW_IO = 0;
FILE *FILE_TOCHIP, *FILE_FROMCHIP;   /* TOCHIP can be input *or* output */
int CREATING_VECTOR;                  /* reading vs writing TOCHIP file */
unsigned char HARDWIRED_CHIP_ID = 0x3A;

int ALLACTIVE_IN = 1;                          /* gets toggled randomly */
int BOARD_EN_IN  = 1;                  /* input value for run-set/check */
int ADRSEL1_IN   = 1;


void GetUserInfo(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
        int *randomVector, unsigned char startKey[7], long *totalClocks);
void LoadState(unsigned char plaintextVector[32],
        unsigned char plaintextXorMask[8],
        unsigned char ciphertext0[8], unsigned char ciphertext1[8],
        unsigned char plaintextByteMask, int useCBC, int extraXor,
        unsigned char startKey[7]);
void RunSimulator_SetRegister(int addr, int data);
unsigned char RunSimulator_CheckRegister(int addr);
void RunSimulator_DummyIO(void);
/* the message is printed as data, never used as the format string */
static void EXIT_ERR(char *s) { fprintf(stderr, "%s", s); exit(1); }

void desDecrypt(unsigned char m[8], unsigned char c[8], unsigned char k[7]);
void increment32(unsigned char *num);
void decrement32(unsigned char *num);
int hex2bin(char *hex, unsigned char *bin);
void printHexString(char *tag, unsigned char *data, int len);
void OpenFiles(char *toChipFilename, char *fromChipFilename, int useRaw);
void printKeyInfo(FILE *outDev, char *preamble, int searchUnit);
long getClockCounter(void);
void proceedNormal(long totalClocks);
void proceedRandom(void);


/*


 *  THESE FUNCTIONS CREATE AND MANAGE THE TEST VECTORS.
 */

int main(int argc, char **argv) {
  unsigned char startKey[7], plaintextVector[32];
  unsigned char plaintextXorMask[8];
  unsigned char ciphertext0[8];
  unsigned char ciphertext1[8];
  unsigned char plaintextByteMask;
  int useCBC, extraXor, randomVector;
  long totalClocks;
  char buffer[512];

  if (argc != 3 && argc != 4) {
    fprintf(stderr,"Command line: TO_CHIP.OUT FROM_CHIP.OUT [RAW]\n");
    fprintf(stderr,"  TO_CHIP.OUT    File for data going to chip\n");
    fprintf(stderr,"                 (If this file exists, it will be simulated.\n");
    fprintf(stderr,"                 Otherwise, a new file will be created.)\n");
    fprintf(stderr,"  FROM_CHIP.OUT  File for chip's output\n");
    fprintf(stderr,"  RAW            Gives unix CRLFs & no header.\n");
    exit(1);
  }

  /*
   *  Open files and set CREATING_VECTOR to:
   *      0=reading TOCHIP file,
   *      1=create TOCHIP from user input,
   *      2=create random vector
   */
  OpenFiles(argv[1], argv[2], (argc == 4));

  if (CREATING_VECTOR == 0) {
    fprintf(stderr, "Using input vector from file.\n");
    while (1) {
      if (fgets(buffer, 500, FILE_TOCHIP) == NULL)
        break;
      if (strlen(buffer) < 10)
        break;
      RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    }
  } else {
    GetUserInfo(plaintextVector, plaintextXorMask, ciphertext0, ciphertext1,
            &plaintextByteMask, &useCBC, &extraXor, &randomVector, startKey,
            &totalClocks);
    if (randomVector == 0) {
      fprintf(stderr, "Seed=random (time-based)\n");
      srand((unsigned) time(NULL));
      HARDWIRED_CHIP_ID = (unsigned char)(rand() & 255);
    } else if (randomVector == 1) {
      fprintf(stderr, "Using user params.\n");
    } else {
      fprintf(stderr, "Seed=%d\n", randomVector);
      srand(randomVector);
      HARDWIRED_CHIP_ID = (unsigned char)(rand() & 255);
    }

    /* Reset chip and set the chip ID */
    sprintf(buffer, "01011111 00 %02X 00\n", HARDWIRED_CHIP_ID);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO); fputs(buffer, FILE_TOCHIP);
    sprintf(buffer, "11011111 %02X %02X 00\n", HARDWIRED_CHIP_ID,
            HARDWIRED_CHIP_ID);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);


    buffer[2] = '1';
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    buffer[2] = '0';
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);

    if (randomVector == 1) {
      LoadState(plaintextVector, plaintextXorMask, ciphertext0, ciphertext1,
              plaintextByteMask, useCBC, extraXor, startKey);
      proceedNormal(totalClocks);
    } else {
      proceedRandom();
    }
  }

  /* Clean up a bit (doesn't really matter -- this is test code) */
  fclose(FILE_FROMCHIP);
  fclose(FILE_TOCHIP);
}


void proceedNormal(long totalClocks) {
  long numClocks = getClockCounter();
  unsigned char goodKey[8];
  int i,j,r;

  while (++numClocks < totalClocks) {
    r = RunSimulator_CheckRegister(REG_SEARCHINFO);
    if (r & 4) {
      fprintf(stderr, " Idle \n");
      RunSimulator_DummyIO();
      continue;
    }
    for (i = 0; i < 24; i++) {
      /* If we're going to see a stall, give some settling time */
      if ((peekState(REG_SEARCH_STATUS(i)) & 1) == 0) {     /* stalled? */
        RunSimulator_DummyIO();                  /* wait before read */
        RunSimulator_DummyIO();
        RunSimulator_DummyIO();
      }
      r = RunSimulator_CheckRegister(REG_SEARCH_STATUS(i));
      if ((r & 1) == 0) {                                  /* stalled */
        goodKey[6] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+0);
        goodKey[5] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+1);
        goodKey[4] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+2);
        goodKey[3] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+3);
        goodKey[2] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+4);
        goodKey[1] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+5);
        goodKey[0] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+6);
        fprintf(stderr, "ALERT: Full match in unit %d; extracted k = ", i);
        printf("ALERT: Full match in unit %d; extracted k = ", i);
        for (j = 0; j < 7; j++) {
          fprintf(stderr, "%02X", goodKey[j]);
          printf("%02X", goodKey[j]);
        }
        fprintf(stderr, "\n");
        printf("\n");
        RunSimulator_DummyIO();                      /* Settling time */
        RunSimulator_DummyIO();
        RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);
      }
    }
  }
}


void proceedRandom(void) {
  unsigned char readout[256];
  unsigned char goodKey[7];
  int i,j;


  unsigned char plaintextVector[32];
  char buffer[256];

  /* chip has already been set and the chip ID has been loaded */

  /* Create plaintext vector with 181 bits set */
  memset(plaintextVector, 0, sizeof(plaintextVector));
  i = 0;
  while (i < 181) {
    j = rand() & 255;
    if ((plaintextVector[j/8] & (1 << (j % 8))) == 0) {
      plaintextVector[j/8] |= (1 << (j % 8));
      i++;
    }
  }

  /* Load state */
  for (i = 0; i < 32; i++)
    RunSimulator_SetRegister(REG_PTXT_VECTOR + i, plaintextVector[i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_PTXT_XOR_MASK + i, rand() & 255);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT0 + i, rand() & 255);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT1 + i, rand() & 255);
  RunSimulator_SetRegister(REG_PTXT_BYTE_MASK, 1 << (rand() & 7));
  i = (rand() % 3) + (rand() & 16); /* 0/1/2 for CBC & extraXor. 16=activOn */
  fprintf(stderr, "Using mode %d with ActiveOn=%d.\n", (i&3), i/16);
  RunSimulator_SetRegister(REG_SEARCHINFO, i);
  for (i = 0; i < 24; i++) {                        /* for each engine */
    for (j = 0; j < 7; j++)                    /* set random start key */
      RunSimulator_SetRegister(REG_SEARCH_KEY(i)+j, rand() & 255);
    RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);
  }

  /* Read out all registers (real and not) except for ptxt vector */
  for (i = 255; i >= 32; i--)
    readout[i] = RunSimulator_CheckRegister(i);

  /* Change the key in any stopped units */
  for (i = 0; i < 24; i++) {
    if ((readout[REG_SEARCH_STATUS(i)] & 1) == 0)           /* stalled? */
      RunSimulator_SetRegister(REG_SEARCH_KEY(i),           /* fix key  */
              readout[REG_SEARCH_KEY(i)] ^ 0x08);
  }

  /* Read out ptxt vector */
  for (i = 31; i >= 0; i--)
    readout[i] = RunSimulator_CheckRegister(i);

  /* scan stopped units */
  for
        fprintf(stderr, "%02X", goodKey[j]);
        printf("%02X", goodKey[j]);
      fprintf(stderr, "\n");

  /* pick a different chip, read/write some registers, and reset chip id */
  do { i = rand() & 255; } while (i == HARDWIRED_CHIP_ID);
  sprintf(buffer, "11011111 %02X %02X 00\n", i, HARDWIRED_CHIP_ID);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);


f  put 
buff 
RunC 
f  put 
buff 
RunC 
f  put 
for 

•  •  Ru 
for 

•  •  Ru 
spri 

RunC 
f  put 
buff 
RunC 
f  put 
buff 
RunC 
f  put 

/*  T 
BOAR 
ADRS 
for 

•  -  Ru 
for 

-  •  Ru 
BOAR 
ADRS 
for 

-  -  Ru 
for 

■  ■  Ru 
BOAR 
ADRS 
for 

■  -  Ru 
for 

■  •  Ru 
BOAR 
ADRS 


s(buf f e 
er[2]  = 
h  i  p ( bu  f 
s(buf f e 
er[2]  = 
h  i  p ( bu  f 
s(buf f e 
(  i  =  0  ; 
nSimula 
(  i  =  0  ; 
nS  i  mu  I  a 
ntf (buf 
• • • ■ HAR 
h  i  p ( bu  f 
s(buf f e 
er[2]  = 
h  i  p ( bu  f 
s(buf f e 
er[2]  = 
h  i  p ( bu  f 
s(buf f e 

est  boa 
D-EN-IN 
EL1-IN 
(  i  =  0  ; 
nS  i  mu  L  a 
(  i  =  0  ; 
nS  i  mu  L  a 
D-EN-IN 
EL1-IN 
(  i  =  0  ; 
nS  i  mu  L  a 
(  i  =  0  ; 
nS  i  mu  L  a 
D-EN-IN 
EL1-IN 
(  i  =  0  ; 
nS  i  mu  L  a 
(  i  =  0  ; 
nSi  mu  L  a 
D-EN-IN 
EL1-IN 


FILE-TOCHIP) 


1  1 
f  e  r 
r  , 

'0 
fer 
r  , 

i 
tor 

i 
tor 
fer 
DWI 
fer 
r  , 

'  1 
fer 
r, 

'0 
fer 
r  , 


,  FI 
FILE 

/  FI 

FILE 

<  8; 
-Set 

<  8; 
-Che 
r  "1 
RED- 
,  FI 
FILE 

/fi 

FILE 

,'  FI 
FILE 


LE-FR 
-TOCH 

LE-FR 
-TOCH 

i++) 
Regi  s 

i++) 
ckReg 
10111 
CHIP- 
LE-FR 
-TOCH 

LE-FR 
-TOCH 

LE-FR 
-TOCH 


OMCHIP,  USE-RAW-IO) ; 
IP); 

OMCHIP,  USE-RAW-IO); 
IP); 

ter(randC)    8    255,     randO    &    255); 

ister(randC)  8  255); 

11  %02X  %02X  00\n",  HARDWIRED-CHIP-ID, 

ID); 

OMCHIP,  USE-RAW-IO); 

IP); 

OMCHIP,  USE-RAW-IO); 
IP); 


OMCHIP,  USE-RAW-IO) 
IP); 


rd  enable  and  ADRSEL1  */ 


i  <  4  ;  i  +  +  ) 
tor-SetRegister(rand()    8    255,     randO    8    255); 

i  <  4  ;  i  +  +  ) 
tor_CheckRegister(rand()  8  255); 


i     <    8 ;     i  +  +  ) 
tor-SetRegister(rand()    8    255,     randO    8    255); 

i     <    8  ;     i  +  +  ) 
tor-CheckRegister(randC)    8    255); 

=    1; 
=    0; 

i     <    8  ;     i  +  +  ) 
tor-SetRegister(rand()    8    255,     randO    8    255); 

i     <    8  ;     i  +  +  ) 
tor-CheckRegister(rand()    8    255); 

=    1; 
=    1  ; 


    /* Make a final pass reading all the registers */
    for (i = 255; i >= 0; i--)
      readout[i] = RunSimulator_CheckRegister(i);

    /* scan stopped units */
    for (i = 0; i < 24; i++) {
      if ((readout[REG_SEARCH_STATUS(i)] & 1) == 0) {          /* stalled? */
        goodKey[6] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+0);
        goodKey[5] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+1);
        goodKey[4] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+2);
        goodKey[3] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+3);
        goodKey[2] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+4);
        goodKey[1] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+5);
        goodKey[0] = RunSimulator_CheckRegister(REG_SEARCH_KEY(i)+6);
        RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);     /* restart */
        fprintf(stderr, "****** Full match in unit %d; extracted k = ", i);
        for (j = 0; j < 7; j++) {
          fprintf(stderr, "%02X", goodKey[j]);
          printf("%02X", goodKey[j]);
        }
        fprintf(stderr, "\n");
      }
    }


void GetUserInfo(unsigned char plaintextVector[32],
    unsigned char plaintextXorMask[8],
    unsigned char ciphertext0[8], unsigned char ciphertext1[8],
    unsigned char *plaintextByteMask, int *useCBC, int *extraXor,
    int *randomVector, unsigned char startKey[7], long *totalClocks) {
  char buffer[1024];
  unsigned char tmp[512];
  int i;

  /* Each line is read with fgets(), which bounds the read to sizeof(buffer); */
  /* gets() has no length limit and overruns buffer on a long input line.    */
  printf(" Enter plaintextVector values: ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i <= 0 || i >= 256)
    EXIT_ERR("Must have at least 1 plaintextVector entry and at most 255.\n");
  memset(plaintextVector, 0, 32);
  while (i--)                         /* one bit per allowed plaintext byte */
    plaintextVector[tmp[i]/8] |= (1 << (tmp[i] % 8));

  printf(" Enter plaintext xor mask: ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 plaintext xor mask bytes.");
  memcpy(plaintextXorMask, tmp, 8);

  printf(" Enter ciphertext 0: ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 0.");
  memcpy(ciphertext0, tmp, 8);

  printf(" Enter ciphertext 1: ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i != 8)
    EXIT_ERR("Must have 8 bytes in ciphertext 1.");
  memcpy(ciphertext1, tmp, 8);

  printf(" Enter plaintext byte mask: ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i != 1)
    EXIT_ERR("Plaintext byte mask is 1 byte long.");
  *plaintextByteMask = tmp[0];

  printf(" Enter useCBC (0 or 1): ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for useCBC.");
  *useCBC = tmp[0];

  printf(" Enter extraXor (0 or 1): ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i != 1 || tmp[0] > 1)
    EXIT_ERR("Must enter 0 or 1 for extraXor.");
  *extraXor = tmp[0];

  printf(" Enter randomVector (0=randomize, 1=user input, >1=seed): ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  i = hex2bin(buffer, tmp);
  if (i != 1)
    EXIT_ERR("Must enter 0=randomize 1=use input, >1=value for prng seed).");
  *randomVector = tmp[0];

  printf(" Enter starting key: ");
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  if (hex2bin(buffer, tmp) != 7)
    EXIT_ERR("Must enter 7 hex bytes as the key.\n");
  memcpy(startKey, tmp, 7);

  printf(" Enter number of clocks: ");


  /* fgets() bounds the read to sizeof(buffer); gets() has no length limit. */
  if (fgets(buffer, sizeof(buffer), stdin) == NULL)
    EXIT_ERR("Unexpected end of input.\n");
  /* Reject non-numeric input instead of range-testing an unset *totalClocks. */
  if (sscanf(buffer, "%ld", totalClocks) != 1 ||
      *totalClocks < 1 || *totalClocks > 1000000000L)
    EXIT_ERR("Must have between 1 and 1 billion clocks.\n");

  printHexString("\n  PtxtVector = ", plaintextVector, 32);
  printHexString(" PtxtXorMask = ", plaintextXorMask, 8);
  printHexString("Ciphertext 0 = ", ciphertext0, 8);
  printHexString("Ciphertext 1 = ", ciphertext1, 8);
  printHexString("PtxtByteMask = ", plaintextByteMask, 1);
  printf(        "      useCBC = %d\n", *useCBC);
  printf(        "    extraXor = %d\n", *extraXor);
  printf(        "randomVector = %x\n", *randomVector);
  printHexString("Starting key = ", startKey, 7);
  printf(        "Total clocks = %ld\n\n", *totalClocks);
}


void LoadState(unsigned char plaintextVector[32],
    unsigned char plaintextXorMask[8],
    unsigned char ciphertext0[8], unsigned char ciphertext1[8],
    unsigned char plaintextByteMask, int useCBC, int extraXor,
    unsigned char startKey[7]) {
  int i;

  for (i = 0; i < 32; i++)
    RunSimulator_SetRegister(REG_PTXT_VECTOR + i, plaintextVector[i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_PTXT_XOR_MASK + i, plaintextXorMask[7-i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT0 + i, ciphertext0[7-i]);
  for (i = 0; i < 8; i++)
    RunSimulator_SetRegister(REG_CIPHERTEXT1 + i, ciphertext1[7-i]);
  RunSimulator_SetRegister(REG_PTXT_BYTE_MASK, plaintextByteMask);
  RunSimulator_SetRegister(REG_SEARCHINFO, (useCBC?1:0) |
          (extraXor?2:0) | 16);              /* enable board active */
  for (i = 0; i < 24; i++) {                 /* for each engine */
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+0, startKey[6]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+1, startKey[5]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+2, startKey[4]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+3, startKey[3]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+4, startKey[2]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+5, startKey[1]);
    RunSimulator_SetRegister(REG_SEARCH_KEY(i)+6, (startKey[0] + i) & 255);
    RunSimulator_SetRegister(REG_SEARCH_STATUS(i), 1);
  }
}



void RunSimulator_SetRegister(int addr, int data) {
  char buffer[256];

  /* RESET,BOARD_EN,ALE,ADRSEL1,WRB,RDB,ADRSEL2,ALLACT_IN,ADDR,CHIP_ID,DATA */
  sprintf(buffer, "1%d0%d110%d %02x %02x %02x\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID, data);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  /* same vector with WRB driven low: the write strobe */
  sprintf(buffer, "1%d0%d010%d %02x %02x %02x\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID, data);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  sprintf(buffer, "1%d0%d110%d %02x %02x %02x\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID, data);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  if ((rand() & 31) == 0)
    ALLACTIVE_IN = 1-ALLACTIVE_IN;
}


void RunSimulator_DummyIO(void) {
  char buffer[256];
  int i,b,addr,chip;

  if ((rand() & 3) > 0) {
    addr = rand() & 255;
    chip = (rand() & 7) ? HARDWIRED_CHIP_ID : (rand() & 255);
    b = (rand() & 7) ? 1 : 0;
    /*RESET,BOARD_EN,ALE,ADRSEL1,WRB,RDB,ADRSEL2,ALLACT_IN,ADDR,CHIP_ID,DATA*/
    sprintf(buffer, "1%d01110%d %02x %02x 00\n",
            b, ALLACTIVE_IN, addr, chip);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    sprintf(buffer, "1%d01100%d %02x %02x 00\n",
            b, ALLACTIVE_IN, addr, chip);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    sprintf(buffer, "1%d01111%d %02x %02x 00\n",
            b, ALLACTIVE_IN, addr, chip);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
    RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
    fputs(buffer, FILE_TOCHIP);
  } else {
    sprintf(buffer, "1101111%d FF %02x FF\n",
            ALLACTIVE_IN, HARDWIRED_CHIP_ID);
    for (i = rand() & 7; i > 0; i--) {
      RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
      fputs(buffer, FILE_TOCHIP);
    }
  }
}



unsigned char RunSimulator_CheckRegister(int addr) {
  unsigned char rval;
  char buffer[256];

  /* RESET,BOARD_EN,ALE,ADRSEL1,WRB,RDB,ADRSEL2,ALLACT_IN,ADDR,CHIP_ID,DATA */
  sprintf(buffer, "1%d0%d110%d %02x %02x 00\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID /*no data*/);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  /* same vector with RDB driven low: the chip's reply is the register value */
  sprintf(buffer, "1%d0%d100%d %02x %02x 00\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID /*no data*/);
  rval = (unsigned char)RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  sprintf(buffer, "1%d0%d111%d %02x %02x 00\n", BOARD_EN_IN, ADRSEL1_IN,
          ALLACTIVE_IN, addr, HARDWIRED_CHIP_ID /*no data*/);
  RunChip(buffer, FILE_FROMCHIP, USE_RAW_IO);
  fputs(buffer, FILE_TOCHIP);

  return (rval);
}


int unhex(char c) {
  if (c >= '0' && c <= '9')
    return (c - '0');
  if (c >= 'a' && c <= 'f')
    return (c - 'a' + 10);
  if (c >= 'A' && c <= 'F')
    return (c - 'A' + 10);
  return (-1);
}




/* Converts a line of hex text to bytes and returns the byte count.    */
/* bin must have room for (strlen(hex)+1)/2 bytes; no bound is checked. */
int hex2bin(char *hex, unsigned char *bin) {
  int i = 0;
  int j = 0;

  /* Trim string if comments present */
  if (strchr(hex, '#') != NULL)
    *strchr(hex, '#') = 0;
  if (strchr(hex, '*') != NULL)
    *strchr(hex, '*') = 0;
  if (strchr(hex, '\'') != NULL)
    *strchr(hex, '\'') = 0;

  for (i = 0; i < (int)strlen(hex); i++) {
    if (hex[i] >= '0' && unhex(hex[i]) < 0)
      EXIT_ERR("Bad hex digit encountered.\n");
  }

  for (i = 0; i < (int)strlen(hex); i++) {
    if (hex[i] < '0')              /* separators (space, tab, newline) */
      continue;
    if (hex[i] >= '0' && hex[i+1] >= '0') {
      bin[j++] = (unsigned char)(unhex(hex[i])*16+unhex(hex[i+1]));
      i++;    /* skip one */
      continue;
    }
    if (hex[i] >= '0') {           /* lone digit: a one-nibble byte */
      bin[j++] = (unsigned char)(unhex(hex[i]));
    }
  }
  return (j);
}


void printHexString(char *tag, unsigned char *data, int len) {
  int i;

  printf("%s", tag);
  for (i = 0; i < len; i++)
    printf("%02X", data[i]);
  printf("\n");
}


void OpenFiles(char *toChipFilename, char *fromChipFilename, int useRaw) {
  /* An existing toChip file is replayed; otherwise a new vector is created */
  FILE_TOCHIP = fopen(toChipFilename, useRaw ? "rb" : "r");
  if (FILE_TOCHIP != NULL) {
    CREATING_VECTOR = 0;
  } else {
    FILE_TOCHIP = fopen(toChipFilename, useRaw ? "wb" : "w");
    if (FILE_TOCHIP == NULL) {
      /* "%s" so that the file name is actually printed */
      fprintf(stderr, "Can't open \"%s\" for toChip file\n", toChipFilename);
      exit(1);
    }
    CREATING_VECTOR = 1;
  }

  FILE_FROMCHIP = fopen(fromChipFilename, useRaw ? "wb" : "w");
  if (FILE_FROMCHIP == NULL) {
    fprintf(stderr, "Can't open \"%s\" for fromChip file\n", fromChipFilename);
    exit(1);
  }

  USE_RAW_IO = useRaw;

#if 0        /* Activate this to add column descriptors in the output */
  if (!useRaw) {
    fprintf(FILE_TOCHIP, "RESET\n");
    fprintf(FILE_TOCHIP, "|BOARD_EN\n");
    fprintf(FILE_TOCHIP, "||ALE\n");
    fprintf(FILE_TOCHIP, "|||ADRSEL1\n");
    fprintf(FILE_TOCHIP, "||||WRB\n");


} 

#en 
•  •  f 

> 


f pr  i  nt  f 
f pri  nt f 
f  p  r  i  n  t  f 
f pri  nt f 
f p  r  i  nt  f 
f p  r i  nt  f 
f  p  r  i  n  t  f 
f  p  r  i  n  t  f 
f pr  i  nt  f 
f pr  i  nt  f 


FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-TOCHIP, 

FILE-FROMCHIP, 

FILE-FROMCHIP, 

FILE-FROMCHIP, 


dif 

printf ( FILE-FROMCHIP 


R  D  B  \  n  "  )  ; 
ADRSEL2\n"); 
ALLACTIVE_IN\n"); 
A  D  D  R  \  n  "  )  ; 
l\\     CHIP_ID\n"); 
/\\  DATAXn"); 
! !  I\\     ALLACTIVE-OUT\n"); 


'  DATA\n") 

'l\\    ALLACTIVE-OUT\n"); 

'  !  !   !  /--  IsActi ve  I  0  .  .23] 


\\\n") 


"KEY  DES-OUT  MATCH  &  S  ELECT1  :  \n"  ) 


In  This  chapter: 

•  Board  Schematics 

•  Sun-4/470  backplane 
modifications 

•  PC  Interfaces 

•  Errata 


Hardware  Board  Schematics 


This  chapter  contains  schematic  diagrams  of  the  printed-circuit  boards  that  we 
designed  and  built  for  the  DES  Cracker.  It  also  includes  a  few  other  details  about 
the  hardware. 

Each  hardware  board  holds  64  DES  Cracker  chips.  In  this  schematic,  we  only 
show  how  8  of  the  chips  are  wired.  The  rest  are  wired  almost  identically.  Each  "All 
Active  Out"  pin  is  daisy-chained  to  the  next  "All  Active  In"  pin.  The  "Chip  ID"  pins 
on  each  chip  are  connected  directly  to  either  ground  or  power,  to  tell  the  chip  its 
binary  chip  number  among  all  the  chips  on  the  board.  If  you  examine  these  pins 
for  the  eight  chips  shown,  you'll  see  how  they  change. 

The  boards  fit  into  card-cages  which  are  connected  to  each  other  and  to  the  host 
computer  by  a  50-pin  ribbon  cable.  The  card-cages  are  modified  Sun-4/470  server 
card  cages.  The  modifications  we  made  to  their  backplanes  are  detailed  toward 
the  end  of  the  chapter. 

Board  Schematics 

The  schematics  begin  on  the  next  page. 
Sun-4/470 backplane modifications

The first DES Cracker uses several chassis recycled from Sun-4/470 servers to hold
its boards. Each chassis contains a card cage, power supplies, fans, and covers. In
the card cage there is a backplane, which is a printed circuit board that holds the
connectors for each board that can be plugged into the card cage. Each row has
connectors for 12 slots numbered from 1 to 12. The card cage is sized for "9U"
VMEbus boards, each of which has three large 96-pin connectors. Therefore, the
backplane also has three 96-pin connectors per board, called P1, P2, and P3. Each
of these 96-pin connectors has three rows of 32 pins inside it, called Rows A, B,
and C.

We  modified  the  backplane  as  follows: 

Top Row (P1): No modification. We just use this as a board holder. There is no
signal from our boards to these connectors.

Middle  Row  (P2):  No  modification.  We  just  use  this  as  a  board  holder.  There  is  no 
signal  from  our  boards  to  these  connectors. 

Bottom  Row  (P3):   Power  and  signaling  for  the  DES  Cracker  boards,  as  follows: 

Table  8-1:  Signal  assignments  on  bottom  connectors 


Row A            Original Assignment    New Assignment
Pins 1 to 25     +5 Volts               Supply voltage for DES Cracker chips
Pins 26 to 27    +12 Volts              Not used
Pins 28 to 29    -12 Volts              Not used
Pins 30 to 32    -5 Volts               Not used

Row B            Original Assignment    New Assignment
Pin 1            Reserved               Not used
Pin 2            Reserved               Not used
Pin 3            Reserved               Reset (C_RST)
Pin 4            Reserved               Read Strobe (C_RDB)
Pin 5            Reserved               Write Strobe (C_WRB)
Pin 6            Reserved               Address Latch Enable (C_AEN)
Pin 7            Reserved               Control_1 (C_CNT1) or C_ADRSELB
Pin 8            Reserved               Control_2 (C_CNT2) or C_CSB
Pin 9            Reserved               Data 7 (C_D7)
Pin 10           Reserved               Data 6 (C_D6)
Pin 11           Reserved               Data 5 (C_D5)
Pin 12           Reserved               Data 4 (C_D4)
Pin 13           Reserved               Data 3 (C_D3)
Pin 14           Reserved               Data 2 (C_D2)
Pin 15           Reserved               Data 1 (C_D1)
Pin 16           Reserved               Data 0 (C_D0)
Pin 17           Reserved               Address 7 (C_A7)
Pin 18           Reserved               Address 6 (C_A6)
Pin 19           Reserved               Address 5 (C_A5)
Pin 20           Reserved               Address 4 (C_A4)
Pin 21           Reserved               Address 3 (C_A3)
Pin 22           Reserved               Address 2 (C_A2)
Pin 23           Reserved               Address 1 (C_A1)
Pin 24           Reserved               Address 0 (C_A0)
Pin 25           Reserved               GND
Pin 26           Reserved               GND
Pin 27           Reserved               GND
Pin 28           Reserved               GND
Pin 29           Reserved               GND
Pin 30           Reserved               GND
Pin 31           Reserved               +5 V supply to all Interface ICs
Pin 32           Reserved               +5 V supply to all Interface ICs

Row C            Original Assignment    New Assignment
Pins 1 to 25     GND                    GND
Pins 26 to 27    +12 Volts              Not used
Pins 28 to 29    -12 Volts              Not used
Pins 30 to 32    -5 Volts               Not used

Row A, pins 1-25 provide the supply voltage for the DES Cracker chips. The
supply is normally +5 Volts.

The  chips  can  be  run  on  a  lower  voltage,  to  reduce  power  consumption  and  heat 
generation.  In  that  case,  two  voltages  must  be  supplied.  The  lower  voltage  for  the 
DES  Cracker  chips  is  supplied  on  Row  A,  pins  1-25.  +5  volts  is  supplied  to  the 
interface  circuitry  on  Row  B,  pins  31  and  32.  In  low  voltage  operation,  Jumper  JP1 
on  each  of  the  DES  boards  must  be  removed.  If  the  DES  chips  are  using  +5  Volts, 
then  no  external  power  connects  to  Row  B,  pins  31  and  32,  and  Jumper  JP1  on 
each  of  the  DES  boards  is  connected. 


Physical  Modifications  on  P3  Bus  (Bottom  Row) 

The  P3  bus  (bottom  row)  of  the  backplane  has  12  slots.  Some  of  these  slots  are 
wired  to  their  neighboring  slots,  forming  a  bus.  In  its  original  Sun  configuration, 
the  P3  bus  was  mainly  used  for  a  high-speed  memory  bus  between  the  CPU  board 
and  the  memory  boards.  It  was  divided  into  4  independent  groups: 

Group  1 

This  group  has  7  slots  (from  1  to  7)  which  have  their  Row  B's  bussed  together. 
Group 2

This  has  only  slot  8.  Its  Row  B  did  not  connect  to  any  other. 

Group  3 

This  has  only  slot  9.  Its  Row  B  did  not  connect  to  any  other. 

Group  4 

This  group  has  3  slots  (from  10  to   12)  which  have  their  Row  B's  bussed 
together. 

We  modified  the  backplane  to  connect  each  of  these  four  groups  together,  so  that 
P3  Row  B  connects  from  slot  to  slot  along  the  whole  backplane. 

On both slot 1 and slot 12 we added a dual-row header to the P3 connector, Rows
B and C (signals and grounds), so that a 50-pin ribbon cable can connect to the
bus. These headers allow each chassis to be cabled to the next chassis, and also
allow the first chassis to be cabled to a general purpose computer, where the
software that controls the DES Cracker runs.

On  slot  11,  we  also  added  a  dual-row  header  to  the  P3  connector,  Rows  A  and  B 
(Supply  voltage  and  signals),  to  let  us  install  termination  resistors  when  no  ribbon 
cable  is  attached  to  Slot  12.  These  protect  the  integrity  of  the  signals  on  the  bus. 


PC  Interfaces 


The  first  chassis  connects  to  the  controlling  computer  via  a  ribbon  cable,  which 
attaches  to  the  dual-row  header  installed  on  Slot  1.  This  cable  leads  to  a  plug-in 
hardware  card  which  provides  three  parallel  I/O  ports.  The  software  talks  to  this 
card,  causing  it  to  write  commands  to  the  ribbon  cable,  or  read  results  back  from 
the  ribbon  cable.  The  software  runs  in  an  ordinary  IBM  PC,  and  could  be  ported 
to  other  general  purpose  computers. 

Our project used either of two interface cards. Both are from National Instruments
Corporation of Austin, Texas, reachable at http://www.natinst.com or +1
512 794 0100. Their PC-AT bus interface card is called the PC-DIO-24, order
number 777368-01. For laptops, a "PC card" (PCMCIA) interface is also available,
the DAQCard-DIO-24, order number 776912-01. This card requires the PSH27-50F-D1
cable, with order number 776989-01.

Other  parallel  interface  cards  that  provide  24  bit  I/O  could  also  be  made  to  work. 
Errata

This  page  contains  notes  about  errors  detected  late  in  the  hardware  or  software 
published  herein. 

Chip  select  for  reading 

The  DES  Cracker  chips  do  not  properly  tristate  their  data  buffers.  When  any  chip 
on  any  board  is  reading,  every  other  DES  Cracker  chip  drives  garbage  onto  its  data 
pins.  The  buffer  enables  were  not  qualified  by  the  Board  Enable  and  Chip  Enable 
signals.  The  initial  hardware  boards  were  modified  to  circumvent  this  by  providing 
individual  RDB  signals  to  each  chip,  qualifying  them  externally  with  an  FPGA.  The 
correct  fix  is  in  top.vhd  in  the  chip  VHDL;  near  the  last  line,  change: 

    DATA <= DATAO when (RDB = '0' and ADDSEL2 = '0') else (others => 'Z');

to:

    DATA <= DATAO when (RDB = '0' and ADDSEL2 = '0' and CHIP_EN = '1')
            else (others => 'Z');

This  also  involves  adding  CHIP_EN  as  an  output  of  upi.vhd. 
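
The three read arrangements this erratum describes (the chips as built, the board workaround with an individual RDB per chip, and the corrected enable in top.vhd) can be compared with a small bus model. This is an added C example, not code from the book; the chip-select decode by ID match, the 8-chip board and the data values are assumptions constructed for the illustration.

```c
#include <stdio.h>

#define NUM_CHIPS    8      /* the schematic excerpt shows 8 of a board's 64 chips */
#define BUS_FLOAT    (-1)   /* no driver: the bus is high-impedance */
#define BUS_CONFLICT (-2)   /* drivers disagree: the reader sees garbage */

struct chip {
    unsigned char id;       /* hardwired chip ID pins */
    unsigned char data_out; /* value this chip's read logic presents (DATAO) */
};

/* Output enable as built: DATA is driven whenever RDB and ADDSEL2 are low. */
int oe_original(int rdb, int addsel2, int chip_en) {
    (void)chip_en;          /* the defect: chip select is never consulted */
    return rdb == 0 && addsel2 == 0;
}

/* Output enable after the top.vhd change: also qualified by CHIP_EN. */
int oe_fixed(int rdb, int addsel2, int chip_en) {
    return rdb == 0 && addsel2 == 0 && chip_en == 1;
}

/*
 * Resolve the shared data bus for one read of chip `selected`.
 * per_chip_rdb models the board workaround: external logic lowers RDB only
 * at the selected chip. Otherwise every chip sees the same RDB strobe.
 * Returns the byte on the bus, BUS_FLOAT or BUS_CONFLICT, and stores the
 * number of chips driving the bus in *drivers.
 */
int bus_read(const struct chip *chips, int n, unsigned char selected,
             int (*oe)(int, int, int), int per_chip_rdb, int *drivers) {
    int value = BUS_FLOAT;
    *drivers = 0;
    for (int i = 0; i < n; i++) {
        int chip_en = (chips[i].id == selected);      /* assumed decode */
        int rdb = (per_chip_rdb && !chip_en) ? 1 : 0; /* active low */
        if (!oe(rdb, 0, chip_en))
            continue;                                 /* chip stays at 'Z' */
        (*drivers)++;
        if (value == BUS_FLOAT)
            value = chips[i].data_out;
        else if (value != chips[i].data_out)
            value = BUS_CONFLICT;
    }
    return value;
}

/* Constructed sample board: chip i has ID i and presents 0xA0 + i. */
void make_board(struct chip *chips, int n) {
    for (int i = 0; i < n; i++) {
        chips[i].id = (unsigned char)i;
        chips[i].data_out = (unsigned char)(0xA0 + i);
    }
}

int main(void) {
    struct chip board[NUM_CHIPS];
    int drivers, v;
    make_board(board, NUM_CHIPS);

    v = bus_read(board, NUM_CHIPS, 3, oe_original, 0, &drivers);
    printf("as built, shared RDB:   %d drivers, bus=%d\n", drivers, v);
    v = bus_read(board, NUM_CHIPS, 3, oe_original, 1, &drivers);
    printf("as built, per-chip RDB: %d drivers, bus=0x%02X\n", drivers, v);
    v = bus_read(board, NUM_CHIPS, 3, oe_fixed, 0, &drivers);
    printf("fixed, shared RDB:      %d drivers, bus=0x%02X\n", drivers, v);
    return 0;
}
```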
DES Keys
by  Yvo  Desmedt 

This paper was presented at Eurocrypt 1987 by Yvo Desmedt and Jean-Jacques
Quisquater, under the title "An Exhaustive Key Search Machine Breaking One
Million DES Keys". We publish it here for the first time, since no proceedings were
made. It points out some research directions in parallel brute force codebreaking
that are still useful today.

Abstract 

The DES is in the commercial and industrial world the most used cryptoalgorithm.
A realistic exhaustive key search machine will be proposed which breaks
thousands of keys each hour, when DES is used in its standard 8 byte modes to protect
privacy. Also authenticity protection with DES is sometimes insecure.

Introduction 

The DES is the NBS* and ANSI† standard for encryption. It has been proposed to
become an ISO‡ standard, under the name DEA1. From the beginning Diffie and
Hellman mentioned that one DES key could be broken under a known plaintext
attack using an exhaustive keysearch machine.§ However the design was criticized
because practical problems as size and power dissipation were not taken into

* "Data Encryption Standard", FIPS (National Bureau of Standards Federal Information
Processing Standards Publ.), no. 46, Washington D.C., January 1977

† "Data Encryption Algorithm", ANSI X3.92-1981, (American National Standards Institute),
New York, December 31, 1980

‡ "Data Encipherment, Specification of Algorithm DEA1", ISO/DP 8227 (Draft Proposal), 1983

§ Diffie, W., and Hellman, M.E.: "Exhaustive cryptanalysis of the NBS Data Encryption
Standard", Computer, vol. 10, no. 6, pp. 74-84, June 1977
consideration. Hoornaert* proposed last year a realistic exhaustive keysearch
machine, which solved all practical problems. Instead of breaking DES in half a
day (as in the Diffie-Hellman machine), the cheap version ($1 million) needs
maximum 4 weeks to find the key. In practice however companies or secret
agencies want to break several keys at once. Indeed for doing industrial espionage,
companies want to break as many communications as possible of their main
competitors. Secret agencies want to be able to eavesdrop all communications and to
follow up industrial developments in other countries which may be used for
military purposes. The above machine is unpractical or expensive for this purpose.
Instead of using thousands of machines for breaking thousands of keys, one
modified machine is enough.

The  basic  idea 

At first sight if one wants to break one million keys with an exhaustive machine
one needs one million pairs (plaintext, ciphertext) = (M_i, C_i) and do the job for each
different pair. If all these pairs have the same plaintext M, the exhaustive machine
can do the same job by breaking all these one million ciphertexts, as in the case it
had only to break one. This assumption is very realistic, indeed in letters some
pattern as e.g. "Yours Sincerely" are common. For all standard† 8 bytes modes a
partially known plaintext attack is sufficient. In the case of ECB a ciphertext only
attack is sufficient. Indeed the most frequent combination of 8 bytes can easily be
detected and used. Evidently more machines can handle more different plaintext
patterns. So, a few machines can break millions of keys. The number of different
patterns can be reduced by using a chosen plaintext attack!
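
The cost argument in this section, that one pass over the key space serves every ciphertext of the same plaintext block, is shown below as an added C example; it is not code from the paper. It assumes a toy 20-bit-key Feistel cipher in place of DES, constructed sample keys, and a prefix-addressed lookup table chosen for this example, and it is a reminder of why a short key combined with a predictable block shared by many users leaves all of those users exposed together.

```c
#include <stdint.h>
#include <stdio.h>

#define KEY_BITS    20                 /* toy key size (assumption); DES has 56 */
#define KEYSPACE    (1UL << KEY_BITS)
#define PREFIX_BITS 12                 /* table addressed by top ciphertext bits */
#define TABLE_SIZE  (1u << PREFIX_BITS)
#define N_SAMPLE    6

struct target {
    uint32_t ct;      /* "desired" ciphertext of the shared plaintext block */
    uint32_t key;     /* smallest key found that produces ct */
    int found;
    int next;         /* next target with the same ciphertext prefix, or -1 */
};

/* Constructed sample keys; entries 2 and 5 are equal on purpose. */
static const uint32_t SAMPLE_KEYS[N_SAMPLE] = {
    0x0BEEF, 0x5A5A5, 0xC0FFE, 0x12345, 0xFFFFF, 0xC0FFE
};

/* Toy 8-round Feistel cipher on a 32-bit block. Constructed here; not DES. */
static uint16_t round_fn(uint16_t half, uint32_t key, int r) {
    uint32_t x = half ^ (key >> (r % 5)) ^ ((uint32_t)r * 0x9E37u);
    x = (x * 0x2545u + (key & 0xFFFFu)) & 0xFFFFu;
    x ^= x >> 7;
    x = (x * 0x6487u) & 0xFFFFu;
    return (uint16_t)(x ^ (x >> 9));
}

uint32_t toy_encrypt(uint32_t key, uint32_t block) {
    uint16_t l = (uint16_t)(block >> 16), r = (uint16_t)block;
    for (int i = 0; i < 8; i++) {
        uint16_t t = (uint16_t)(l ^ round_fn(r, key, i));
        l = r;
        r = t;
    }
    return ((uint32_t)l << 16) | r;
}

/* Every sample key encrypts the same plaintext block pt. */
void make_targets(uint32_t pt, struct target *t) {
    for (int i = 0; i < N_SAMPLE; i++) {
        t[i].ct = toy_encrypt(SAMPLE_KEYS[i], pt);
        t[i].key = 0; t[i].found = 0; t[i].next = -1;
    }
}

/* One sweep of the key space; each trial ciphertext is checked against all
 * targets through the prefix table. Returns the number of encryptions. */
unsigned long search_all(uint32_t pt, struct target *t, int n) {
    static int head[TABLE_SIZE];
    unsigned long trials = 0;
    int remaining = n;
    for (unsigned s = 0; s < TABLE_SIZE; s++) head[s] = -1;
    for (int i = 0; i < n; i++) {          /* chain targets sharing a prefix */
        uint32_t slot = t[i].ct >> (32 - PREFIX_BITS);
        t[i].found = 0;
        t[i].next = head[slot];
        head[slot] = i;
    }
    for (uint32_t k = 0; k < KEYSPACE && remaining > 0; k++) {
        uint32_t c = toy_encrypt(k, pt);
        trials++;
        for (int i = head[c >> (32 - PREFIX_BITS)]; i >= 0; i = t[i].next) {
            if (!t[i].found && t[i].ct == c) {
                t[i].key = k; t[i].found = 1; remaining--;
            }
        }
    }
    return trials;
}

/* Baseline: a separate sweep for each target. Returns the encryptions used. */
unsigned long search_each(uint32_t pt, struct target *t, int n) {
    unsigned long trials = 0;
    for (int i = 0; i < n; i++) {
        t[i].found = 0;
        for (uint32_t k = 0; k < KEYSPACE && !t[i].found; k++) {
            trials++;
            if (toy_encrypt(k, pt) == t[i].ct) { t[i].key = k; t[i].found = 1; }
        }
    }
    return trials;
}

int main(void) {
    struct target a[N_SAMPLE], b[N_SAMPLE];
    uint32_t pt = 0x596F7572u;   /* ASCII "Your": the block every message shares */
    make_targets(pt, a);
    make_targets(pt, b);
    printf("one sweep: %lu trials, per-target sweeps: %lu trials\n",
           search_all(pt, a, N_SAMPLE), search_each(pt, b, N_SAMPLE));
    return 0;
}
```

Both searches report the smallest key that maps the shared block to each ciphertext, which in a cipher this small need not be the sample key itself. Per-message variation of the first block, such as a random IV in CBC mode, removes the shared plaintext that the single sweep depends on.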


Details  of  such  a  machine 


Although we did not build it, in this section sufficient details are given to show that
such a machine is feasible. The machine will be based on a small extension of the
DES chips used in Hoornaert's machine. We will call the ciphertexts for which one
wants to break the key: "desired" ciphertexts. In one machine, each of the (e.g.)
25 thousand DES chips will calculate ciphertexts for variable keys starting from the
same 8 byte "plaintext" pattern. The machine has to verify if such a ciphertext is
the same as some "desired" ciphertext. If so, it has to communicate the
corresponding key to the Key Handling Machine (KHM) and the "number" of the
"desired" ciphertext. However each used DES chip generates each second about


*  Hoornaert,  K,  Goubert,  J.,  and  Desmedt,  Y.:  "Efficient  hardware  implementations  of  the  DES", 
Advances  in  Cryptology,  Proceedings  of  Crypto  84,  Santa  Barbara,  August  1984  (Lecture  Notes  in  Com- 
puter Science,  Springer-Verlag,  Berlin,  1985),  pp.  147-173 

t  "DES  modes  of  operation",  FIPS  (NBS  Federal  Information  Processing  Standards  Publ.),  no.  81,  Wash- 
ington D.C.,  December  2,  1980 
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one  million  pairs  (ciphertext,  key).  This  gives  a  major  communication  problem. 
Indeed  all  this  information  (about  110Mbit/sec.=  (56  key  bits  +  64  ciphertext  bits) 
x  1M  DES/sec.)  cannot  be  communicated  constantly  outside  the  chip.  To  avoid  this 
communication  problem,  the  chip  will  internally  exclude  ciphertexts  which  cer- 
tainly are  not  equal  to  a  "desired"  ciphertext.  So  only  a  fraction  has  to  be  commu- 
nicated to  the  outside  world.  Hereto  the  "desired"  ciphertexts  were  previously 
ordered  based  on  their  first  20  bits,  which  are  used  as  address  of  the  desired 
ciphertexts.  If  more  than  one  of  these  "desired"  ciphertexts  have  the  same  20  first 
bits  then  one  of  them  will  later  be  transfered  to  the  exhaustive  machine.  The  oth- 
ers will  be  put  on  a  waiting  list.  In  the  exhaustive  machine  bits  of  the  desired 
ciphertexts  are  spread  in  RAMs,  as  explained  later,  using  the  20  first  bits  as 
address.  Each  extended  DES  chip  is  put  on  a  hybrid  circuit  together  with  4  RAMs 
of  1Mbit  and  a  refresh  controller  (see  also  fig.  1).  For  each  enumerated  key  the 
DES  chip  communicates  the  20  first  bits  of  the  corresponding  generated  ciphertext 
to  the  RAMs  as  address.  The  4  bits  information  stored  in  the  RAMs  correspond  to 
the  next  4  bits  of  the  desired  ciphertexts.  The  RAMs  communicate  to  the  modified 
DES  chip  these  4  bits.  Only  if  these  4  bits  are  equal  to  the  corresponding  ones  in 
the  generated  ciphertext,  the  generated  pair  (ciphertext,  key)  is  communicated 
outside  the  DES  chip  to  a  local  bus  (see  fig.  1).  So  in  average  the  communication 
rate  is  reduced,  by  excluding  the  ciphertexts  which  are  certainly  not  desired. 
About  10  of  these  hybrids  are  put  on  a  small  PCB.  A  custom  designed  chip  checks 
the  next  10  bits  (the  bits  25  till  34)  of  the  ciphertexts  using  the  same  idea  as  for 
the  4  bits  (the  bits  21  till  24).  Hereto  10  RAMs  each  of  1Mbit  are  used,  the  address 
is  again  the  first  20  bits  of  the  generated  ciphertext.  Only  if  the  check  succeeds  the 
pair  (ciphertext,  key)  is  communicated  to  the  outside  world  via  a  global  bus.  This 
reduces  the  communication  between  the  local  bus  and  the  global  bus  with  a  factor 
1000.  About  2500  similar  PCBs  are  put  in  the  machine.  The  last  30  bits  of  the 
ciphertext  are  checked  further  on.  Hereto  similar  hardware  controls  several  PCBs. 
Finally  a  small  machine  can  do  the  final  check.  The  machine  KHM  checks  the  cor- 
rectness of  the  key  on  other  (plaintext,  ciphertext)  pairs  or  on  the  redundancy  in 
the  language.  Once  each  (e.g.)  hour  the  machine  KHM  will  update  the  broken 
keys  and  put  the  ones  which  are  on  the  waiting  list  into  the  exhaustive  machine  (if 
possible).  Suppose  that  one  hybrid  cost  $80,  then  the  price  of  $3  million  (25,000  x 
hybrid  +  custom  chips  +  PCBs  +  etc)  for  this  machine  is  realistic. 
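
The three-level filter described above can be simulated to see how much traffic each level removes and how large the waiting list becomes. This is an added example, not code from the paper: uniformly random 64-bit values stand in for DES outputs, the function names and array layout are assumptions, and the check of the last 30 bits is collapsed into one final comparison.

```python
import random
from array import array
from itertools import islice

ADDR_BITS = 20                      # first 20 ciphertext bits address the RAMs
SIZE = 1 << ADDR_BITS


def split(ct):
    """64-bit ciphertext -> (bits 1-20, bits 21-24, bits 25-34, last 30 bits)."""
    return ct >> 44, (ct >> 40) & 0xF, (ct >> 30) & 0x3FF, ct & 0x3FFFFFFF


def load(desired):
    """Build the RAM images; a ciphertext whose address is taken goes on the waiting list."""
    ram4 = array("B", [0]) * SIZE       # hybrid level: 4 bits per address
    ram10 = array("H", [0]) * SIZE      # PCB level: 10 bits per address
    tail = array("L", [0]) * SIZE       # last 30 bits, used by the final check
    owner = array("l", [-1]) * SIZE     # "number" of the loaded ciphertext, -1 = empty
    waiting = []
    for number, ct in enumerate(desired):
        addr, nib, ten, rest = split(ct)
        if owner[addr] != -1:           # same first 20 bits as a loaded ciphertext
            waiting.append(number)
            continue
        ram4[addr], ram10[addr], tail[addr], owner[addr] = nib, ten, rest, number
    return ram4, ram10, tail, owner, waiting


def run(stream, tables):
    """Push generated (key, ciphertext) pairs through the checks and count survivors."""
    ram4, ram10, tail, owner, _ = tables
    local_bus = global_bus = 0
    hits = []
    for key, ct in stream:
        addr, nib, ten, rest = split(ct)
        if ram4[addr] != nib:           # rejected inside the hybrid, never leaves it
            continue
        local_bus += 1
        if ram10[addr] != ten:          # rejected by the custom chip on the PCB
            continue
        global_bus += 1
        if owner[addr] != -1 and tail[addr] == rest:
            hits.append((owner[addr], key))   # what would be reported to the KHM
    return local_bus, global_bus, hits


def demo(n_desired=1_000_000, n_trials=500_000, seed=1986):
    rng = random.Random(seed)
    # Constructed data: random values in place of real desired ciphertexts.
    desired = [rng.getrandbits(64) for _ in range(n_desired)]
    tables = load(desired)
    # Constructed data: random values in place of DES outputs under wrong keys.
    stream = [(key, rng.getrandbits(64)) for key in range(n_trials)]
    # Plant three loaded desired ciphertexts so the path to the KHM is exercised.
    planted = list(islice((n for n in tables[3] if n != -1), 3))
    stream += [(10**9 + n, desired[n]) for n in planted]
    local_bus, global_bus, hits = run(stream, tables)
    return {"trials": len(stream), "waiting": len(tables[4]), "planted": planted,
            "local_bus": local_bus, "global_bus": global_bus, "hits": hits}


if __name__ == "__main__":
    r = demo()
    print("waiting list: %.1f%% of desired ciphertexts" % (100 * r["waiting"] / 1_000_000))
    print("reach local bus:  1 in %.1f" % (r["trials"] / r["local_bus"]))
    print("reach global bus: 1 in %.0f" % (r["trials"] / r["global_bus"]))
    print("reported to KHM:", r["hits"])
```

With one million desired ciphertexts and 2^20 addresses, roughly a third of them collide on their first 20 bits and start on the waiting list, which is why the hourly KHM reload matters for the throughput figure.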

Obtained results and remarks

The described machine breaks about one million keys in 4 weeks, or on average
about 3000 keys each hour. By updating the broken keys better results can be
obtained.* Practical problems such as buffering, synchronization, MTBF, power
dissipation, size, reloading of the RAMs and so on are solved by the author.
Optimizations under several circumstances and variants of the machine are possible.
In view of the existing rumors that a trapdoor was built into DES by NSA, the
feasibility of this machine shows that a trapdoor was not needed in order to break
it. Old RAM technology allowed the design of similar (or larger) machines which break
fewer keys (e.g. thirty-two thousand keys). This attack can be avoided if the users
of DES use the CFB one-byte mode appropriately, or use new modes,† or triple
encryption with two different keys. DES-like algorithms can be designed which are
more secure against the described attack, which use a key of only 48 bits, and which
have the same encryption/decryption speed as DES (if used with a fixed key).‡ The
protection of the authenticity of (e.g. short) messages with DES is sometimes
insecure.§ These results, combined with the above one, show that the authentication
of standardized messages with DES may be worthless. Remark finally that the DES chip
used in this machine does not use the state of the art of VLSI. Indeed, only about
10,000 transistors are used in it. Megabit RAMs are easily available.

Conclusion 

Every important company or secret agency in the world can easily build such a
machine. Because it is not excluded that such machines are already in use by
these organizations, the author advises users to be careful when using DES. Because
the most used modes are breakable, users have to modify their hardware or software
to use a mode which avoids this attack. Meanwhile only low-sensitivity information
can be transmitted with DES. If the authenticity of messages is protected with DES
under its standardized use, short messages have to be enlarged.


* Desmedt, Y., "Optimizations and variants of exhaustive key search machines breaking millions of
DES keys and their consequences on the security of privacy and authenticity with DES", Internal
Report, ESAT Laboratory, Katholieke Universiteit Leuven, in preparation.

† Quisquater, J.-J., Philips Research Laboratory, Brussels, paper in preparation.

‡ Quisquater, J.-J., Desmedt, Y., and Davio, M.: "A secure DES* scheme with < 48 bit keys", presented
at the rump session at Crypto '85, Santa Barbara, August, 1985

§ Desmedt, Y.: "Unconditionally secure authentication schemes and practical and theoretical
consequences", presented at Crypto '85, Santa Barbara, August, 1985, to appear in the proceedings:
Advances in Cryptology (Springer-Verlag, Berlin, 1986).

This paper was written in Spring 1996. Its performance numbers are several years
out  of  date,  and  it  used  what  hardware  was  handy,  rather  than  the  best  possible 
hardware  for  its  time.  Still,  results  based  on  actually  building  working  devices  are 
preferable  to  much  better  theories  about  reality. 


Abstract 

We examine issues in high-performance cryptanalysis, focusing on the use of
programmable logic. Several standard techniques from computer architecture are
adapted and applied to this application. We present performance measurements
for RC4, A5, DES, and CDMF; these measurements were taken from actual
implementations. We conclude by estimating the resources needed to break these
encryption algorithms.

Introduction 

Large-scale open electronic communications networks are spreading: for example,
mobile computing is on the rise, the Internet is experiencing exponential growth,
and electronic commerce is a hot topic. With these advances comes a need for
robust security mechanisms, and they in turn depend critically on cryptographic
protection. At the same time, computer power has been growing at dizzying rates,
matching or exceeding Moore's Law. Therefore, in this rapidly changing
environment, it is important to assess the strength of deployed encryption
algorithms against the tremendous computational power available to potential
adversaries.

The best attacks on today's symmetric-key encryption algorithms simply apply
massive computing resources to break their security by pure brute force. If a
cryptographic algorithm is secure, it will be far too expensive for an attacker to
gather the processing power necessary for such a brute-force cryptanalytic attack to
succeed. Assessing the security of a cryptographic algorithm against this threat,
then, involves surveying the state of the art in cryptanalytic computational power
and estimating the investment required to mount this type of attack.

This paper explores the use of programmable logic hardware devices in
cryptanalytic applications. Programmable logic attempts to provide much of the
premier performance available from custom hardware, while partially retaining the
reconfigurability and ease of development benefits found in software.

Our research draws heavily on the computer architecture field. Surprisingly, many
techniques, tools, and models for the design of general-purpose processors also
proved useful in the specialized domain of cryptanalytic hardware. We investigate
the benefits of various forms of parallelism, including pipelining and superscalar
architectures. We also examine and identify critical structural hazards and data
hazards, as well as the crucial performance bottlenecks. This paper focuses
especially on an analogue of the central "CPU time" formula from [20]. By framing the
problem from the perspective of system architects, we were able to take advantage of
the extensive knowledge base available in the architecture literature.

This paper is organized as follows. The section "Motivation" elaborates on the
need for estimates of the performance of cryptanalytic hardware, and the section
"Related Work" lists previous work which touches on this project and influenced
our approach. Next, the section "Technical Approach" introduces our experimental
methodology and goals. The section "Design and Analysis" describes our
design, implementation, and data in depth, providing a detailed technical analysis.
Finally, the section "Future" briefly identifies some areas for future research, and
the "Conclusion" concludes the paper.

Motivation 

There is currently a strong need for a solid assessment of the resources required to
break the common cryptographic algorithms. This information is a crucial data
point for system designers — they need this information to determine which
encryption algorithm is appropriate for their system. The need is only intensifying:
weak encryption is becoming the norm, earlier assessments are either incomplete
or out-of-date, and steady increases in computing power are threatening the
viability of these weak encryption systems.

Security is little more than economics. A cryptographic system is secure when it
costs more to break it than the data it is protecting is worth. Accordingly,
determining the strength of an encryption algorithm comes down to measuring the cost
of the cryptanalytic resources needed to break the system. That explains the basic
need for an evaluation of the cryptanalytic performance possible today.

In fact, several recent factors make the need more urgent. Weak encryption is
being widely deployed. SSL with 40-bit RC4 is becoming a de facto standard for
secure Web channels, largely because of Netscape's support. GSM, a European
mobile telephony system, depends for its link-layer security on A5, an apparently
weakened algorithm. Export restrictions are largely to blame for the recent
preponderance of weak encryption algorithms; they are an unfortunate fact of life at
the moment. This intensifies the need for accurate estimates of the true protection
these cryptographic algorithms offer. For extremely strong algorithms, it is
sufficient to provide order-of-magnitude estimates to show that breaking these
algorithms requires absurd collections of resources; but when it is feasible (or
barely feasible) to break an encryption algorithm, it becomes extremely important to
pinpoint the cost of cryptanalysis accurately.

The section entitled "Related Work" lists several earlier algorithm assessments. DES
has received by far the most attention, but we are also greatly interested in the
(today all-too-common) case of exportable encryption algorithms. Most of the
experience with weak encryption systems has been with software cryptanalysis;
yet programmable logic may be the most cost-effective method of assembling
computational power for this problem. A recent paper [4] did briefly address the
cost-effectiveness of programmable logic, but their estimate appears to be based
on flawed assumptions. The one work which investigated the problem most
closely [22] was a good start, but it didn't go far enough: their estimates were
based on theoretical calculations, instead of real implementations and
measurements.

Therefore,  there  is  new  ground  to  cover,  and  previous  work  to  validate.  We  will 
explore  the  applicability  and  performance  of  programmable  logic  to  cryptanalysis 
of  A5,  DES,  CDMF,  and  RC4.  This  paper  attempts  to  provide  a  solid,  rigorous 
assessment  of  the  economics  of  cryptanalysis,  relying  on  actual  implementations 
and  experimental  measurements. 

Related work

Previous  exploration  into  exhaustive  keysearch  has  tended  to  concentrate  on 
either  software  implementations  or  custom  hardware  designs;  not  much  has  been 
reported  on  FPGA  (programmable  logic)  architectures.  We  will  survey  the  results 
available  in  the  open  literature. 

The first public brute-force cryptanalysis of 40-bit exportable RC4 appeared from
the Internet cypherpunks community. (The NSA (National Security Agency) had
almost certainly mounted an exhaustive 40-bit search of RC4 long before that, but
they're playing their cards close to their chest.) The cypherpunks are a
loose-knit community dedicated to exploring the social ramifications of cryptography.
To demonstrate the need for more secure encryption, Hal Finney challenged his
fellow cypherpunks to break 40-bit RC4 [16]. Soon Adam Back, David Byers, and
Eric Young announced [3] that they had successfully searched the 40-bit keyspace
with a software implementation running on the idle cycles of several workstations.
At the same time, Damien Doligez had also independently finished a successful
sweep of the RC4 40-bit keys [12], with the same software implementation. Not
long after, Piete Brooks, Adam Back, Andrew Roos, and Andy Brown organized a
distributed effort [5] which used donated idle cycles from many machines across
the Internet to finish a second challenge in 31 hours, again using a similar
software implementation. The cypherpunks' efforts gave us a fairly accurate estimate
of the complexity of exhaustively searching the RC4 40-bit keyspace in software.

There have been no reports of any experience with exhaustive keysearch of A5 in
the open literature. The details of the A5 algorithm were only recently revealed to
the public [1], so it is perhaps not surprising that it has received less attention.
Several cryptographers' initial reaction was that there must be a trivial brute-force
attack on A5 requiring 2^40 operations [26], [1]. No such attack ever materialized,
and it became clear that the matter was not so trivial as initially imagined [26],
[2]. The current consensus appears to be that A5's strength is possibly somewhat more
than a 40-bit cipher but less than its 64-bit key might indicate.

There  have  not  been  any  reports  on  CDMF  exhaustive  keysearch  in  the  literature, 
either.  On  the  other  hand,  CDMF  is  very  similar  to  DES — it  is  essentially  DES  with 
a  reduced  40-bit  keylength — so  all  the  research  into  understanding  DES  keysearch 
will  apply  immediately  to  CDMF.  As  we  shall  see,  there  has  been  extensive  work 
examining  DES  brute-force  cryptanalysis. 

There have been many studies into the economics of a DES keysearch
implementation in custom hardware. (No one has seriously proposed breaking DES via
software, as general-purpose computers are orders of magnitude slower at this task
than specialized hardware.) The earliest estimate came not long after DES was
ratified as a national standard. Whit Diffie and Martin Hellman designed a system
containing a large number of custom-designed chips [11]. They estimated that their
$20 million architecture could recover a DES key each day. After their paper
appeared, great controversy ensued. Some argued that the mean time between
failures would be inherently so small that the machine could never work; Diffie
and Hellman refuted these objections, although they also increased their cost
estimate somewhat [27], p. 283. After the controversy died down, the final estimate
was that DES would be insecure by the year 1990 [19]. A later paper suggested that
a $1 million custom-designed hardware architecture could break DES in 9 days
with technology forecasted to be available by 1995 [18]. Another more recent
estimate took advantage of an extremely fast DES chip (designed for normal
cryptographic use, not cryptanalysis), concluding that a $1 million assembly could
search the DES key space in 8 days [31], [13], [14]. Yet another study examined the
feasibility of using existing general-purpose content-addressable processors, and
concluded that a DES keysearch would take 30 days on them with a $1 million
investment [30]. Even more writing on the subject of hardware DES keysearch can
be found in [25], and some issues in DES chip design can be found in [21, [15], [6].

All these estimates were superseded by a compelling 1993 paper [31] from Michael
Wiener. He went to the effort of assembling a very comprehensive design
(extending for a hefty 42 pages!) of a custom-hardware DES keysearch machine,
including low-level chip schematics as well as detailed plans for controllers and
shelving. After a $0.5 million investment to design the machine and $1 million to
build it, a DES key could be recovered each 3-5 hours, he argued. (Note the large
development cost. This is a unique attribute of custom hardware designs.) His work
has remained the definitive estimate of DES keysearch cost since then. On the other
hand, we have seen 3 years of steady progress in chip performance and cost since
then, and Moore's law remains as true as ever, so Wiener's figures should be
adjusted downward accordingly.

This year an ad-hoc group of experts was convened to recommend appropriate
cryptographic key lengths for corporate security; their report [4] was very
influential. In this larger context, they very briefly surveyed the application of
software, reconfigurable logic, and custom hardware to the brute-force cryptanalysis
of 40-bit RC4 and (56-bit) DES. We are a bit skeptical about the precise performance
predicted for an RC4-cracking chip: they claimed that a single $400 FPGA ought to
be able to recover a 40-bit RC4 key in five hours. (Amortizing this over many
keysearches, they determined that each keysearch would cost $0.08, causing some to
refer to 40-bit RC4 as "8-cent encryption".) This estimate seems extremely
optimistic, as it would require 30 million key trials per second; RC4 key setup
requires at least 1024 serialized operations (256 iterations of a loop, with 4 memory
accesses and calculations per iteration), so this would represent a throughput of 30
billion operations per second. Even with a dozen parallel independent keysearch
engines operating on the chip (which would require serious hardware resources),
this would imply clock rates measured in Gigahertz — a rather unlikely scenario!
Accordingly, our skepticism helped motivate us to attempt an independent
investigation of these issues.

At the other extreme, we are also concerned about gross overestimates of the
security of RC4. After several cypherpunks folks demonstrated how easy it is to
cryptanalyze RC4 with the idle cycles of general-purpose computers, Netscape had
to respond. Their note made several good points — for instance, that export
controls were to blame, leaving them no choice but to use weak encryption — but
their estimate of the cost of breaking 40-bit RC4 was greatly flawed. The first
successful keysearch used idle cycles on 120 workstations for 8 days. Netscape
claimed that this was $10,000 worth of computing power, concluding that
messages worth less than $10,000 can be safely protected with 40-bit RC4 encryption
[9]. Exposing the invalidity of this estimate was another motivating force for us.

One unpublished work [22] has studied in depth the relevance of reconfigurable
logic to cryptologic applications. They assessed the complexity of a keysearch of
DES and RC4 (as well as many other non-cryptanalytic problems). The main
weakness of this aspect of their survey is that several of the estimates relied on
theoretical predictions instead of real implementations and experimental
measurements. In this paper, we attempt to give more rigorous estimates, paying
attention to the architectural and economic issues facing these cryptanalytic
applications.

Technical  Approach 

Workloads  and  Architectures 

As we have explained earlier, there is much interest in the security of
cryptographic algorithms. The algorithms with short keys (such as A5, RC4, CDMF, and
DES) are the most interesting to examine, as their security depends intimately on
the state-of-the-art in high-performance computing. Therefore, we concentrate on
algorithms to break A5, RC4, CDMF, and DES.

Software implementations running on general-purpose microcomputers have
received perhaps the most attention [3], [12], [5]. To achieve maximum performance,
though, we must also consider the tradeoffs associated with customizable
hardware. We will focus mainly on hardware implementations of cryptanalytic
algorithms; we then compare the tradeoffs between the hardware and software
approaches.

The most specialized approach involves using ASICs: custom-designed hardware,
specially tailored to one particular cryptanalytic application. They require a
significant initial investment for design and testing; they also must be produced in
mass quantity for them to be economical. Therefore, while probably the most efficient
approach for a dedicated cryptanalytic application, ASICs require such a large
investment that they are probably only of interest to small governments or large
corporations — they are certainly not within reach for a class project!

Fortunately, there is a middle ground between ASICs and software. CPLDs
(Complex Programmable Logic Devices) provide reconfigurable logic; they are
commercially available at low prices. They provide the performance benefits of
customizable hardware in small volume at a more reasonable price. We obtained
access to a set of Altera FLEX8000 series programmable logic devices — more
specifically, 81188GC232 chips.* These are mounted on a RIPP10 board, which can
accommodate up to eight FLEX8000 chips and four 128KB SRAM memory chips.

Therefore,  the  primary  platform  of  interest  was  the  RIPP10  board  with  FLEX8000 
chips;  for  comparison  purposes,  we  also  investigated  several  other  programmable 
logic  devices,  as  well  as  software-driven  implementations.  The  workload  consisted 
of  brute-force  cryptanalytic  applications  for  RC4,  A5,  DES,  and  CDMF. 

The  Figure  of  Merit 

It is important to keep in mind what quantities we are trying to measure.
Regardless of whether the methodology involves real implementations or synthetic
simulations, the ultimate figure of merit is the performance-cost ratio.

Why is the performance-cost ratio the relevant quantity? In general, our
cryptanalytic applications are characterized by extreme suitability to
parallelization: the process of exhaustive search over many keys can be broken into
many independent small computations without penalty. One fast machine will finish the
computation in exactly the same time as two machines which are twice as slow.
Therefore, the relevant criterion is the "bang-to-buck" ratio, or more precisely, the
number of trial keys searched per second per dollar.

Methodology 

We used several methods to understand the architectural tradeoffs and their effect
on cryptanalytic applications. We first implemented a few sample cryptanalytic
algorithms and directly measured their performance on real workloads and actual
architectures. Direct measurement is obviously the most desirable experimental
technique; unfortunately, we do not have access to every system in existence.
Therefore, to forecast the behavior on other platforms, we also used several
simulation tools. In both cases, we examine actual applications and real systems.


*  We  greatly  appreciate  the  kind  support  of  Bruce  Koball  and  Eric  Hughes! 

Direct measurement

Doing direct measurements on real systems running real applications is
conceptually straightforward (but still labor-intensive in practice!). First, we
directly implemented the relevant cryptanalytic algorithms for the Altera FLEX8000
platform. Once this is done, it is easy to do several small time trials to measure
performance. Finally, we used technical data sheets [8] and price lists [7], [24]
from Altera to assess the cost of the system.

We  also  implemented  the  applications  in  software.  Measuring  performance  is  easy; 
fixing  a  price  on  the  computation  is  a  bit  less  straightforward,  and  we  will  address 
that  in  a  later  section. 

Simulations 

It  would  be  valuable  to  obtain  measurements  for  a  variety  of  CPLD  architectures. 
As  we  only  have  access  to  the  Altera  RIPP10  board  and  FLEX8000  81188GC232 
chips,  the  experimental  procedure  becomes  a  bit  more  involved.  Fortunately,  our 
development  environment  offers  compilation,  simulation,  and  timing  analysis  tools 
for  several  programmable  logic  devices.  We  therefore  compiled  the  applications 
for  several  other  chips  and  calculated  predicted  performance  estimates  with  the 
simulation  tools. 

An important step for any simulation technique is to validate the simulation
process. Accordingly, we applied the same simulation and timing analysis procedure
to our applications for the FLEX8000 81188GC232; comparing the performance
estimates from the simulation with the direct measurements lets us validate our
experimental methodology.

Design  and  Analysis 

Overview 

We  begin  by  setting  up  a  model  for  analysis  and  describing  several  design  issues 
that  are  common  to  all  cryptanalytic  hardware. 

For this project, we are assuming the "known plaintext" model of cryptanalysis. In
this model, an adversary has an encrypted message (the ciphertext), and also a
small amount of the original message (the known plaintext). He also knows what
part of the ciphertext corresponds to the known plaintext. The goal of the
adversary is to determine the key necessary to decrypt the ciphertext into the known
plaintext. He can then use this key to decrypt the rest of the encrypted message.

Other models of cryptanalysis, such as "ciphertext only" or "probabilistic plaintext"
[29] are more complicated to use, but do not require an adversary to have specific
knowledge of part of the original message. However, as most messages have some
well-known parts (a From header in a mail message, for example), the known
plaintext model turns out to be applicable to almost all situations.

For  a  cryptographic  algorithm  to  be  considered  secure,  there  must  be  no  way  to 
determine  the  decryption  key  which  is  faster  than  just  trying  every  possible  key, 
and seeing which one works (note that this is a necessary, but not sufficient, condition).
This method is called brute force.

Breaking  a  cryptographic  algorithm  by  brute  force  involves  the  following  steps: 

For  each  key  in  the  keyspace 

•  Perform  key  setup 

•  Decrypt  the  ciphertext  and  compare  it  to  the  known  plaintext 

As  will  be  seen  below,  different  algorithms  spend  different  amounts  of  time  in  the 
two  steps.  (For  instance,  stream  ciphers — which  generate  output  one  bit  at  a 
time — allow  us  to  prune  incorrect  key  guesses  very  rapidly — while  block 
ciphers — which  operate  on  a  block  at  a  time — require  us  to  generate  the  entire 
output  block  before  any  comparison  is  possible.  DES  and  CDMF  are  block  ciphers; 
A5  and  RC4  are  stream  ciphers.) 

We  measure  the  expected  number  of  cycles  for  each  of  the  two  steps  for  each  key, 
and  add  them  to  determine  a  Cycles  per  Key,  or  CPK  value  for  the  algorithm. 

Similar  to  the  formula  for  CPU  time  found  in  [20]: 

CPU  time  =  Instruction  Count  x  CPI  x  Clock  cycle  time 

we  have  a  formula  for  brute-force  searching  a  keyspace: 

Search  time  =  Keys  to  check  x  CPK  x  Clock  cycle  time 

As  with  the  [20]  equation,  we  ignore  CPU  time.  This  is  valid  because  we  take  care 
to avoid I/O as much as possible. Cryptanalytic applications are typically compute-bound,
so this is an important optimization.

In  the  above  formula,  "Keys  to  check"  indicates  the  number  of  keys  to  search;  this 
can  simply  be  the  total  number  of  keys  that  can  be  used  with  the  algorithm,  or,  in 
the  event  that  many  chips  are  being  used  to  simultaneously  search  the  keyspace,  it 
can  be  some  fraction  thereof. 

"CPK",  as  described  above,  is  defined  to  be  "KeySetup  +  Comparison".  "KeySetup" 
is  the  number  of  cycles  required  to  load  a  key  into  the  algorithm's  internal  data 
structures,  so  that  the  key  search  engine  is  ready  to  produce  output.  "Comparison" 
is  the  expected  number  of  cycles  required  for  the  algorithm  to  produce  enough 
output  so  that  it  can  be  determined  whether  the  key  is  the  correct  one.  Note  that 
different algorithms divide their time differently between these two parts, as will
be  seen  in  more  detail  below. 

"Clock  cycle  time"  is  exactly  what  one  would  expect;  algorithms  that  attempt  to  do 
more  complicated  work  in  one  cycle  will  tend  to  have  a  higher  clock  cycle  time. 
This is also the factor that will vary most when using different models of hardware,
as faster (more expensive?) chips have smaller gate delays. One important
design  feature  common  to  all  brute-forcing  algorithms  also  affects  this  factor:  how 
does  one  cycle  through  all  of  the  keys  in  the  keyspace?  The  obvious  solution  (to 
simply  start  at  0,  and  increment  until  the  correct  key  is  found)  turns  out  to  be  a 
bad  one,  as  incrementing  a  number  of  even  8  bits  causes  unacceptably  large  gate 
delays in propagating the carry. Tricks such as carry-save arithmetic [20] are usually
not useful here, because keys are usually not used by the encryption algorithms
as numbers, but rather, as bit strings.

A  better  solution  [31],  which  uses  the  fact  that  the  keys  need  not  be  checked  in 
sequential  order,  is  to  use  a  linear  feedback  shift  register  [27],  or  LFSR.  An  LFSR  is  a 
register  that  can  either  be  loaded  (to  set  the  register's  value),  or  have  its  existing 
value  shifted  (in  order  to  output  1  bit,  and  to  change  the  register's  value).  Of  the 
two  styles  of  LFSR,  the  usual  style  is  called  a  Fibonacci  LFSR.  To  shift  a  Fibonacci 
LFSR,  simply  copy  each  bit  to  its  neighbor  on  the  right.  The  original  rightmost  bit 
is  considered  the  output.  The  bit  that  is  shifted  in  at  the  left  is  the  parity  of  some 
specific subset of the bits (the taps) of the register (see Figure 10-1).

Figure 10-1: Fibonacci LFSR


The  most  important  properties  of  an  LFSR  are  that  it  has  a  low  (constant)  gate 
delay,  and  more  importantly,  if  the  taps  are  chosen  properly,  repeated  shifting 
(starting  with  any  non-zero  value)  will  cycle  through  every  possible  non-zero 
value  of  the  register. 

The  other  style  of  LFSR  is  called  a  Galois  LFSR,  which  has  the  same  properties  as 
the  Fibonacci  LFSR,  but  is  shifted  differently.  To  shift  a  Galois  LFSR,  copy  each  bit 
to  its  neighbor  on  the  right,  except  for  the  taps,  for  which  the  rightmost  bit  of  the 
register  is  XOR'd  in  before  the  copy  is  done.  The  bit  that  is  shifted  in  at  the  left  is 
the  original  rightmost  bit,  which  is  also  considered  the  output  (see  Figure  10-2). 
The advantage of a Galois LFSR over a Fibonacci LFSR when being implemented
in hardware is that a Galois LFSR usually has an even lower gate delay than a
Fibonacci LFSR, resulting in a potentially lower clock cycle time. For this reason,
Galois LFSRs are usually used to cycle through the list of possible keys.

Figure 10-2: Galois LFSR

In  order  to  take  advantage  of  parallelism,  one  must  be  able  to  distribute  the 
keyspace  equitably  among  the  multiple  hardware  devices.  Standard  mathematical 
techniques  allow  us  to  easily  calculate  the  value  of  the  shift  register  after  any  given 
number  of  shifts.  From  this,  we  can  determine  evenly  separated  starting  positions 
for  each  device  in  the  search  engine. 
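
The Galois shift and the "value after any given number of shifts" calculation described above, as an added example that is not part of the original chapter. The 16-bit width, the tap mask 0xB400 and the seed 0xACE1 are assumptions chosen so the whole cycle can be checked quickly; a real search engine would use a register as wide as the key.

```python
"""Galois LFSR key enumeration with jump-ahead (added example, not the authors' design)."""

WIDTH = 16       # toy register width so the whole cycle can be checked quickly
TAPS = 0xB400    # assumed tap mask: x^16 + x^14 + x^13 + x^11 + 1, maximal length


def galois_step(state, taps=TAPS):
    """One shift: every bit moves right; the old rightmost bit is XOR'd into the taps."""
    out = state & 1
    state >>= 1
    if out:
        state ^= taps      # the mask includes the leftmost bit, so `out` is shifted in there
    return state


def step_matrix(width=WIDTH, taps=TAPS):
    """The shift is linear over GF(2): column i is the image of the state 1 << i."""
    return [galois_step(1 << i, taps) for i in range(width)]


def apply(matrix, state):
    """Multiply a GF(2) matrix (stored as a list of columns) by a state vector."""
    result, i = 0, 0
    while state:
        if state & 1:
            result ^= matrix[i]
        state >>= 1
        i += 1
    return result


def compose(a, b):
    """Matrix product a*b: apply b first, then a."""
    return [apply(a, column) for column in b]


def jump(state, shifts, width=WIDTH, taps=TAPS):
    """State after `shifts` shifts, by square-and-multiply on the shift matrix."""
    result = [1 << i for i in range(width)]     # identity matrix
    power = step_matrix(width, taps)
    while shifts:
        if shifts & 1:
            result = compose(power, result)
        power = compose(power, power)
        shifts >>= 1
    return apply(result, state)


def partition(seed, devices, width=WIDTH, taps=TAPS):
    """Evenly separated (start_state, shift_count) pairs, one per device."""
    period = (1 << width) - 1                   # every non-zero value, exactly once
    bounds = [d * period // devices for d in range(devices + 1)]
    return [(jump(seed, bounds[d], width, taps), bounds[d + 1] - bounds[d])
            for d in range(devices)]


def walk(start, count, taps=TAPS):
    """The candidate values one device visits."""
    state = start
    for _ in range(count):
        yield state
        state = galois_step(state, taps)


def coverage(seed, devices):
    """Return (values visited in total, distinct values) across all devices."""
    seen = [v for start, count in partition(seed, devices) for v in walk(start, count)]
    return len(seen), len(set(seen))


if __name__ == "__main__":
    for start, count in partition(0xACE1, 8):
        print(f"start={start:#06x} shifts={count}")
    print(coverage(0xACE1, 8))
```

The register never takes the all-zero value, so that one candidate has to be tested outside the LFSR cycle.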

We  will  now  describe  the  design  issues  and  analysis  that  were  performed  when 
we  implemented  various  encryption  algorithms  in  programmable  logic. 


A5 

A5 [1] is the encryption algorithm used in GSM, the European standard for digital
cellular  telephones.  It  consists  of  three  Fibonacci  LFSRs  of  sizes  19,  22,  and  23 
respectively,  which  are  initially  loaded  with  the  contents  of  the  64-bit  key.  The 
middle  bits  of  all  three  LFSRs  are  examined  at  each  clock  cycle  to  determine  which 
registers  shift  and  which  do  not  (at  least  two  of  the  three  registers  shift  in  each 
clock  cycle).  The  parity  of  the  high  bits  of  the  LFSRs  is  output  after  each  shift,  and 
this  output  bitstream  is  XOR'd  with  the  ciphertext  to  recover  the  original  message. 

This algorithm is quite well-suited for implementation in hardware due to the simplicity
of LFSRs; given that it was designed for use in cellular phones, in which
limited  resources  are  available,  this  should  not  be  surprising.  The  simplicity  of  the 
algorithm  leaves  almost  no  room  for  creativity  to  the  implementer. 

The  resource  requirements  for  A5  are  quite  minimal;  they  consist  mainly  of  the  64 
flipflops that make up the three LFSRs. In this algorithm, the key setup time is trivial
(a single cycle to load the LFSRs with their initial state); the majority of the
algorithm consists of comparing the output of the generator (which comes out at a
rate of 1 bit per cycle) to the expected output. Since incorrect keys produce essentially
random data, the expected number of bits we need to check before rejecting
a key is 2. Thus, the total number of cycles per key for A5 is CPK = KeySetup +
Comparison = 1 + 2 = 3.

RC4

RC4 [27] is the encryption algorithm used in, among other things, the Secure Sockets
Layer (SSL) protocol [17] used by Netscape and other World Wide Web
browsers to transmit encrypted information (such as banking transactions) over the
Internet. RC4 is quite a simple algorithm; start with a 256-byte read-only array K
that stores the key (repeat the key as often as necessary to fill K), a 256-byte random-access
array S, and two 8-bit registers i and j.

To do key setup, start with j = 0, and do:

    for i = 0 to 255:
        S[i] = i
    for i = 0 to 255:
        j = (j + S[i] + K[i]) mod 256
        swap S[i] and S[j]

Once the key setup is complete, set i = j = 0, and to generate each byte, do:

    i = (i + 1) mod 256
    j = (j + S[i]) mod 256
    swap S[i] and S[j]
    output S[(S[i] + S[j]) mod 256]

The sequence of bytes outputted is XOR'd with the ciphertext to recover the original
message.

SSL,  one  common  system  that  uses  RC4,  has  a  small  added  complexity.  Instead  of 
the  key  being  copied  into  the  array  K,  as  described  above,  it  is  first  processed  by 
the  MD5  hash  function;  the  result  of  the  MD5  computation  is  then  copied  into  K. 
Our  design  and  analysis  does  not  include  MD5,  which  is  quite  large,  complicated, 
and  includes  many  32-bit  additions,  so  readers  hoping  to  break  SSL  should  keep  in 
mind  that  their  performance  will  be  substantially  worse  than  that  determined 
below. 

The  resource  requirements  for  RC4  are  considerable.  Most  notably,  it  requires  258 
bytes  of  state  (compare  8  bytes  of  state  for  A5),  256  bytes  of  which  need  to  be 
accessed randomly. Such resources were beyond the capabilities of the programmable
logic chips we had available, but fortunately the board on which the
logic  chips  were  mounted  had  128KB  of  SRAM  accessible  to  the  logic  chips  via  a 
bus;  we  stored  the  array  S  in  this  SRAM.  Note  that  the  key  array  K  is  accessed  in  a 
predictable  order,  so  it  was  not  necessary  to  store  it  in  the  SRAM. 

Unfortunately, when trying to produce instruction-level parallelism in the algorithm,
the single port to the SRAM becomes a structural hazard. For this reason, it
was necessary to serialize accesses to this SRAM. Initially, we expected that going
off-chip to access the SRAM would be the bottleneck that determined the minimum
clock cycle time; the section entitled "Analysis" below shows that we were
incorrect.

We  now  calculate  the  "Cycles  per  Key"  value  for  RC4.  Examining  the  key  setup 
code,  it  is  clear  that  the  first  loop  requires  1  cycle  to  initialize  i  to  0,  and  256 
cycles  to  complete,  and  each  iteration  of  the  second  loop  requires  4  cycles  (1  each 
to read and write S[i] and S[j]), for a total key setup time of 1281 cycles.

Similarly, each byte of output requires 5 cycles to produce (1 each to read and
write S[i] and S[j], and 1 to read S[(S[i] + S[j]) mod 256]). The
expected  number  of  bytes  needed  to  determine  whether  the  guessed  key  is  correct 
is: 

(1 - 1/256)^{-1} < 1.004

so  the  value  of  "Comparison"  is  very  near  5.  Thus  we  calculate  the  total  Cycles  per 
Key  to  be  CPK  =  KeySetup  +  Comparison  =  1281  +  5  =  1286. 
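
The cycle count above can be reproduced by running RC4 with every access to S routed through a single-ported memory that charges one cycle per read or write. This is an added example, not the authors' hardware design; the SinglePortSram class and the function names are assumptions, and the key, plaintext and ciphertext are the widely published RC4 test vector for the key "Key".

```python
"""RC4 with a cycle counter on the S array (added example; the memory model is
an assumption chosen to match the cycle counts given in the text)."""


class SinglePortSram:
    """256-byte array S; each read or write occupies the one port for one cycle."""

    def __init__(self):
        self.cells = [0] * 256
        self.cycles = 0

    def read(self, addr):
        self.cycles += 1
        return self.cells[addr]

    def write(self, addr, value):
        self.cycles += 1
        self.cells[addr] = value


def key_setup(key):
    """Run both key setup loops and return the memory with its cycle counter."""
    sram = SinglePortSram()
    sram.cycles += 1                      # 1 cycle to initialise i to 0
    for i in range(256):                  # first loop: one write per entry
        sram.write(i, i)
    j = 0
    for i in range(256):                  # second loop: 2 reads + 2 writes
        s_i = sram.read(i)
        j = (j + s_i + key[i % len(key)]) % 256   # K is the repeated key, not in SRAM
        s_j = sram.read(j)
        sram.write(i, s_j)
        sram.write(j, s_i)
    return sram


def output_bytes(sram):
    """Yield keystream bytes; each one costs 5 accesses to S."""
    i = j = 0
    while True:
        i = (i + 1) % 256
        s_i = sram.read(i)
        j = (j + s_i) % 256
        s_j = sram.read(j)
        sram.write(i, s_j)
        sram.write(j, s_i)
        yield sram.read((s_i + s_j) % 256)


def trial(key, known_plaintext, ciphertext):
    """Check one candidate key, stopping at the first wrong byte. Returns (ok, cycles)."""
    sram = key_setup(key)
    stream = output_bytes(sram)
    for p, c in zip(known_plaintext, ciphertext):
        if next(stream) ^ c != p:
            return False, sram.cycles
    return True, sram.cycles


def expected_cpk():
    """KeySetup + Comparison for a wrong key, whose bytes match with probability 1/256."""
    setup = key_setup(b"\x00").cycles
    expected_bytes = 1 / (1 - 1 / 256)
    return setup + 5 * expected_bytes


if __name__ == "__main__":
    ct = bytes.fromhex("BBF316E8D940AF0AD3")      # published test vector
    print(trial(b"Key", b"Plaintext", ct))
    print(trial(b"Kez", b"Plaintext", ct))        # wrong key: rejected after setup
    print(round(expected_cpk(), 2))
```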

DES  and  CDMF 

DES  is  the  national  Data  Encryption  Standard;  it  enjoys  widespread  use  by  the 
banking  industry,  as  well  as  being  one  of  the  preferred  algorithms  for  securing 
electronic communications. DES transforms a 64 bit input block into a 64 bit output
by a reversible function which depends on the 56 bit key in a highly non-linear
way.

The  DES  algorithm  was  designed  primarily  for  efficiency  in  hardware,  and  thus  has 
several distinguishing features worth noting. It consists of an initial and final permutation
and 16 rounds of main processing, with each round transforming the
input  bits  via  a  "mix-and-mash"  process.  Bit  permutations  are  used  extensively;  of 
course,  they  are  trivial  to  do  in  hardware  by  simply  reordering  wires.  Each  round 
also  contains  8  different  "Substitution"  boxes  (or  S-boxes  for  short);  the  S-boxes 
are  non-linear  functions  which  map  6  input  bits  to  4  output  bits.  S-boxes  are  not 
very  resource-intensive  in  hardware:  they  can  be  implemented  as  four  6-input 
boolean  functions,  and  their  small  size  keeps  the  gate  count  reasonable.  The  key 
is  stored  in  a  shift  register,  rotated  before  each  round,  and  exclusive-or-ed  into  the 
block  during  each  round.  This  is  also  straightforward  to  implement  in  hardware. 

CDMF (Commercial Data Masking Facility) [23] is a related algorithm which uses
DES as the underlying transformation; the only difference is that it weakens the
key to meet US export restrictions. CDMF has an effective 40-bit keylength, which
is then expanded to a 56 bit DES key by using another DES transformation. Loading
a CDMF key requires one initial DES operation, and transforming each 64 bit
block requires one DES operation. Therefore an implementation of a DES keysearch
application leads easily to a CDMF keysearch engine with half the search
rate.

Our  DES  implementation  was  forced  to  be  rather  minimal  to  fit  in  the  limited 
resources  available  on  our  chip.  We  implemented  one  round  of  DES,  with  the 
appropriate  S-boxes  and  bit  permutations.  Some  extra  flip-flops  and  a  state 
machine  allow  us  to  iterate  the  round  function  16  times;  there  was  not  sufficient 
space  (i.e.  logic  gates)  available  to  implement  16  instantiations  of  each  S-box. 

The S-boxes are perhaps the most critical component, and we tried several different
implementation approaches for them. One natural way to describe each S-box
is  as  a  64-entry  lookup  table  containing  4  bit  entries.  This  might  be  a  good  choice 
if  the  chip  had  contained  some  user-configurable  ROM;  ours  didn't.  A  similar 
approach  takes  advantage  of  the  compiler  support  for  "case"  statements,  which 
gets translated into a hardware structure containing a 64-line demultiplexor and OR
gates  expressing  the  relevant  minterms.  This  structure  minimizes  gate  delay  at  the 
expense  of  space  resources.  In  fact,  this  structure  increased  the  gate  requirements 
significantly,  to  the  point  where  the  8  S-boxes  alone  required  more  hardware 
resources than our overworked chip had to offer. The compiler was not particularly
helpful at doing space-time tradeoffs to minimize the space requirements, so
we  ended  up  optimizing  the  S-box  functions  by  hand. 

The  manual  optimization  we  settled  on  can  be  viewed  as  a  form  of  speculative 
execution.  First,  note  that  it  suffices  to  describe  how  to  compute  the  6-bit  to  1-bit 
boolean  function  that  calculates  one  output  bit  of  some  S-box.  Since  the  S-boxes 
behave  roughly  like  they  were  chosen  at  random,  we  don't  expect  to  find  any 
structure in the outputs — i.e. each output will be an uncorrelated non-linear function
of the inputs — so this is roughly optimal. To compute such a 6-to-1 function,
we first isolate 2 of the 6 input bits as control bits. We do speculative execution
with four functional cells; each cell computes the output of the 6-to-1 function
under a speculative assumption about the 2 control bits. As there are four possible
values of the control bits, the four functional cells enumerate all possibilities. At
the same time the functional cells are computing their 4-to-1 function, a multiplexor
unit concurrently selects one of the functional cells. The calculation of the
6-to-1 function via speculative execution is depicted in Figure 10-3. This choice of
S-box implementation structure is tailored to our Altera FLEX8000 chips: these
chips are organized as an array of logic cells, where each logic cell can compute
an arbitrary (configurable) 4-to-1 boolean function. For chips with a different organization,
some other manual optimization might be more appropriate.
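
The decomposition described above, checked against DES S-box S1 for all 64 inputs, as an added example that is not the authors' circuit. The chapter does not say which two input bits were used as control bits; the code accepts any pair, and the helper names are assumptions.

```python
"""A 6-input S-box output bit built from four 4-input cells and a 4:1 multiplexor
(added example; the choice of control bits is an assumption)."""

# DES S-box S1 from the published standard; the row is selected by the two outer input bits.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def s1(x):
    """Reference lookup: 6-bit input (bit 5 is the first bit), 4-bit output."""
    row = ((x >> 4) & 2) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def output_bit(bit):
    """The 6-to-1 boolean function giving one output bit of S1."""
    return lambda x: (s1(x) >> bit) & 1


def build_cells(func, ctrl):
    """Split a 6-to-1 function into four 16-entry truth tables, one per value of
    the two control bits at positions ctrl = (low, high)."""
    data = [pos for pos in range(6) if pos not in ctrl]
    cells = []
    for c in range(4):                       # speculative assumption about the control bits
        table = 0
        for d in range(16):                  # every value of the 4 remaining inputs
            x = ((c & 1) << ctrl[0]) | ((c >> 1) << ctrl[1])
            for k, pos in enumerate(data):
                x |= ((d >> k) & 1) << pos
            table |= func(x) << d
        cells.append(table)
    return cells, data


def evaluate(cells, data, ctrl, x):
    """Evaluate via the four cells and the multiplexor."""
    d = 0
    for k, pos in enumerate(data):
        d |= ((x >> pos) & 1) << k
    speculative = [(table >> d) & 1 for table in cells]   # computed in parallel in hardware
    select = ((x >> ctrl[0]) & 1) | (((x >> ctrl[1]) & 1) << 1)
    return speculative[select]                            # the 4:1 multiplexor


def matches_reference(ctrl):
    """True if the decomposition agrees with S1 on every input and output bit."""
    for bit in range(4):
        func = output_bit(bit)
        cells, data = build_cells(func, ctrl)
        if any(evaluate(cells, data, ctrl, x) != func(x) for x in range(64)):
            return False
    return True


def cell_weights(bit, ctrl=(0, 5)):
    """Number of 1 entries in each cell's truth table."""
    cells, _ = build_cells(output_bit(bit), ctrl)
    return [bin(table).count("1") for table in cells]


if __name__ == "__main__":
    print(matches_reference((0, 5)), matches_reference((2, 3)))
    print([cell_weights(b) for b in range(4)])
```

With the outer bits as control bits each cell is one row of the S-box, so every cell's truth table is balanced (8 ones out of 16), because each row is a permutation of 0 to 15.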

Figure 10-3: Calculation of a boolean function with 6 inputs

The "Search time" equation for our CDMF implementation is not hard to analyze.
One can easily count the CPK by direct inspection of our implementation. We
have a finite state machine with 4 states, labelled from a to d. The cycle-by-cycle
breakdown of the "KeySetup" time for one CDMF encryption is as follows:

a. 1 cycle to increment the key and load in the 40-bit CDMF trial key

b. 1 cycle to perform the DES input permutation

c. 16 cycles to perform 16 rounds of encryption

d. 1 cycle to perform the DES final permutation and load in the 64 bit plaintext
block

We  can  see  that  the  "KeySetup"  time  is  19  cycles.  An  enumeration  of  the  output 
generation  and  comparison  stage  yields 

a.  1  cycle  to  perform  the  DES  input  permutation 

b.  16  cycles  to  perform  16  rounds  of  encryption 

c.  1  cycle  to  perform  the  DES  final  permutation,  compare  the  ciphertext  block  to 
the  expected  value,  and  return  to  state  a  if  this  trial  key  was  incorrect 

This  means  that  the  "Comparison"  time  is  18  cycles,  so  the  total  CPK  is  19+18  =  37. 
Note  that  DES  encrypts  the  entire  64  bit  block  at  once,  unlike  a  stream  cipher,  so 
we  check  all  of  the  output  bits  in  parallel. 

The  hardware  resources  required  by  CDMF  are  reasonable  but  non-negligible  for 
commercial  CPLDs.  Our  minimal  implementation  required  (the  equivalent  of) 
roughly  10000  gates.  This  is  certainly  within  reach  for  many  newer  commercial 
CPLDs,  although  there  are  also  many  older  or  less  expensive  CPLDs  which  cannot 
handle  the  requirements.  It  is  important  to  keep  the  entire  keysearch  engine  on 
one  chip;  otherwise,  inter-chip  I/O  will  severely  limit  performance. 

Analysis 

We  cross-compiled  our  cryptanalysis  implementations  for  many  different  Altera 
CPLDs, and ran a simulation and timing analysis to measure the maximum applicable
clock cycle time. The results are plotted in Figure 10-4 for CDMF, Figure 10-5
for A5, and Figure 10-6 for RC4. Some explanation is in order, as there are a lot of
data summarized there. The chip specification (e.g. 81188GC232-3) can be dissected
as follows: the 81188 refers to the general family, the 232 specifies a
232-pin  package,  and  the  -3  refers  to  the  speed  grade  (lower  numbers  are  faster). 
The  81500  is  the  top  of  the  line  Altera  FLEX8000  device;  the  81188  is  a  bit  less 
powerful.  Chips  without  the  "A"  designation  were  fabricated  with  an  older  .8 
micron  process;  the  "A"  indicates  chips  that  were  manufactured  with  a  newer, 
faster  .6  micron  process.  The  figure  shows  throughput  graphed  against  the  initial 
investment  required;  the  chips  with  the  best  performance-to-cost  (Y/X)  ratio  are 
the  best  buy.  The  prices  are  taken  from  a  very  recent  Altera  price  list  [7], [24].  As 
there  are  discounts  in  large  quantities,  we  have  plotted  price  points  for  small 
quantities  with  a  red  line  and  for  large  batches  with  a  blue  line. 

We  also  measured  the  performance  for  the  81188GC232-3  chip  directly — it  is  the 
only  one  we  had  access  to.  Our  measurements  agreed  closely  with  the  simulated 
timing  analysis,  confirming  the  validity  of  our  experimental  methodology. 
Measurements for DES are not listed. Nonetheless, they track the CDMF performance
figures very closely. CDMF consists of two DES encryptions — one for key
setup, and one for output generation — with very little overhead. The DES keysearch
rates can be derived from Figure 10-4 by simply doubling the CDMF rate.
Also, remember that the DES keyspace is 2^16 times as large. Our data indicate that
if one wanted a machine which could perform a DES keysearch in a year on average,
it would suffice to spend $45,000 to buy 600 of the Altera 81500ARC240-4
CPLDs. (This is a very rough estimate, which does not include overhead such as
mounting shelves, etc.)

Figure 10-4: CDMF cryptanalysis economics


One  can  note  several  interesting  things  from  the  graph.  First,  examine  the  peculiar 
zig-zag  nature  of  the  81188ARC240  lines.  The  points  are  plotted  in  order  of  the 
chip's  rated  speed  grade,  from  A-6  on  the  bottom  to  A-2  on  the  top.  The  strange 
"zag"  occurs  because  the  price  for  a  faster  A-4  chip  drops  significantly  below  the 
price  for  the  slower  A-5.  Altera  specifies  the  A-4,  A-3,  and  A-2  as  their  "preferred" 
grades  for  that  chip,  presumably  because  there  is  more  sales  volume  for  those 
speed  grades.  If  you  were  to  build  a  keysearch  engine  out  of  81188ARC240  chips, 
you  should  try  to  be  right  at  the  "hump" — the  A-4  speed  grade  is  the  best  buy  for 
that chip.

Figure 10-5: A5 Cryptanalysis Economics


We  have  not  yet  explained  the  two  leftmost  dotted  lines.  The  81500  line  of  chips 
contains  more  hardware  resources  than  the  81188 — 1296  instead  of  1008  "logic 
elements" — and  this  extra  space  should  be  taken  into  account  when  comparing 
hardware  devices.  With  our  A5  and  CDMF  implementations,  there  is  quite  a  bit  of 
space left over on the 81500 chip, as it turns out. Therefore, it is natural to ask
whether two independent key trial engines might fit on the same chip. We believe
(from close examination of the resource usage) that, with A5 and CDMF, there are
sufficient hardware resources on the 81500 to support two superscalar keysearch
operations. (It would admittedly be a tight fit.) Because of time pressures, we have
not actually implemented this. RC4 requires, it seems, too many resources (mainly
flip-flops for internal state) to use this strategy. There would be other difficulties
with RC4, anyhow — one would probably need a dual-ported SRAM, or two SRAM
chips attached to the CPLD (as discussed below).

One  might  wonder  why  we  proposed  taking  advantage  of  extra  hardware 
resources  with  a  multiple-issue  architecture,  instead  of  using  (say)  advanced 
pipelining techniques. It is worthwhile to recall why advanced pipelining techniques
were developed. On a traditional general-purpose computer, programs are
typically serialized so highly that if one were to implement several independent
simple processors on the same chip, there simply would not be enough tasks to
keep the co-processors busy with useful work. Architects have been blessed with
plentiful hardware resources and cursed with the need to speed up single-instruction-stream
uniprocessors; this explains the proliferation of sophisticated pipelining
methods. (Of course, pipelining does not provide linear speedup with linear
increases in hardware resources, like parallelism would, but it is better than nothing!)
We are faced with an entirely different situation here. Our cryptanalytic applications
encourage virtually unlimited parallelism, so there is no need to look to
sophisticated caching schemes for speeds. Achieving parallelism via a superscalar
architecture is both simpler and more effective for our purposes.

Figure 10-6: RC4 Cryptanalysis economics

The projected performance for parallelized 81500 A5 and CDMF keysearch is indicated
on the plots with a green and black dotted line, labelled "half_81500ARC240
family", with the unit price halved to indicate its factor-of-two multiple-issue
nature.  (We  could  have  doubled  the  performance  instead,  but  that  would  have 
made  the  graph  harder  to  read,  so  for  ease  of  comprehension  and  comparison  we 
chose  to  halve  the  cost  instead.) 

We discussed in class why the future of high-performance computing lies in massively-parallel
collections of low-end processors (say, Pentiums), instead of in specialized
advanced CPUs. One major reason is that Pentium processors are sold in
such large quantities that tremendous economies of scale apply, and specialized
processors simply cannot compete with the low-end's ever-increasing performance-cost
ratio. We can see that an analogous situation applies here as well. The
graphs  show  that,  for  our  applications,  upgrading  to  a  higher  speed  grade  is 
almost  never  worth  the  increased  cost.  (Two  notable  exceptions — the  "hump"  in 
the  81188ARC240  plot,  and  the  benefits  of  using  a  81500  with  enough  hardware 
resources to implement two keysearch engines on-chip — have already been discussed.)
Within each family, the least expensive chip turns out to yield the best
performance-to-cost  ratio;  spending  twice  as  much  money  on  a  higher-grade  chip 
in  the  family  never  results  in  twice  the  performance.  On  the  other  hand,  upgrading 
to  a  more  recent  "A"  designated  family — one  fabricated  with  a  newer  .6  micron 
process — is  a  worthwhile  move.  Altera  has  listed  the  "A"  chips  as  their  preferred 
technology, and presumably there is more sales volume for devices on their preferred
list (though it might be hard to separate cause from effect here). These
charts don't tell the whole story. Altera is as we write starting to release a new
advanced line of reconfigurable logic devices, the FLEX10K architecture. In recommending
the 81188 and 81500 devices, we gain extra price-performance benefits
by staying a bit behind the bleeding edge. Exploiting parallelism with low-end
devices is a win for our applications.

We have not yet discussed the impact of software in relation to the hardware performance
measurements. Software is a bit trickier to evaluate and compare to the
other measurements, as it is not clear how to compare the price of a software
solution to a hardware approach. While hardware devices would typically be purchased
with one application in mind, often a certain amount of idle cycles on general-purpose
computers is available "for free". Nonetheless, software and hardware
approaches typically won't be in serious competition: the extra expense of hardware
is usually not justified until "free" software implementations on general-purpose
computers are unacceptably slow.

Table 10-1: Typical software performance on cryptanalytic applications

Algorithm    Keys searched per second
RC4                             21900
CDMF                            29800
DES                             41300
A5                             355000

Table 10-1 lists the performance of brute-force keysearch applications, as measured
on a Pentium P100 machine. Of course these figures will vary widely from
computer to computer. For example, we estimate that we could perform a distributed
RC4 40-bit keysearch in a weekend or so, and a CDMF 40-bit keysearch in
about a night or two, by using idle cycles on the hundreds of general-purpose
computers we have access to as Berkeley computer science graduate students.
Many other organizations also have large numbers of computers which are idle
much of the time. Many employees and students thus have access to spare computational
power which may be harnessed for cryptanalysis, at essentially zero cost.
Compare this to Netscape's estimate that amassing enough processing power to
break 40-bit RC4 would cost roughly $10,000. For much less than this, one could
probably convince a starving graduate student to lend out access to the necessary
computer account. In any event, if Netscape were willing to pay $10,000 for the
amount of computing power required to break 40-bit RC4, some enterprising student
could easily form an extremely profitable business model.

Given  a  distributed  system  of  general-purpose  computers,  one  can  easily  compute 
the  maximum  rate  of  40-bit  keysearching  possible  in  idle  cycles  by  assuming  that 
most  machines  are  idle  at  least  half  of  the  time  and  using  estimates  such  as  those 
in  Table  10-1;  achieving  better  performance  than  this  calls  for  hardware.  We  can 
see  from  Table  10-1  that  our  hardware  implementations  of  CDMF,  DES,  and  A5 
keysearch  are  orders  of  magnitude  faster  than  software;  this  is  not  surprising,  as 
these  encryption  algorithms  were  designed  for  efficiency  in  hardware. 

RC4,  by  contrast,  was  designed  to  run  efficiently  in  software,  and  indeed,  as  can 
be  seen  by  comparing  Figure  10-6  and  Table  10-1,  RC4  performs  about  twice  as 
well in software as on programmable logic. The primary reasons for the large
search  time  on  programmable  logic  are  that  RC4  has  a  large  "Cycles  per  Key" 
value,  and  a  large  "Clock  cycle  time"  value:  as  seen  above,  the  total  CPK  for  the 
RC4  algorithm  is  1286;  far  larger  than  the  3  for  A5  or  the  37  for  CDMF.  The  large 
clock cycle time stems from the fact that the algorithm contains a number of register
additions; as discussed above, these can produce very large gate delays. Unfortunately,
changing the additions to LFSRs (as was done above), or using tricks
such as carry-save arithmetic, is not appropriate for RC4, as can be seen by examining
the algorithm.

Another  blow  to  implementing  RC4  efficiently  was  the  particular  hardware  archi- 
tecture we  had.  The  programmable  logic  devices  we  used  were  not  large  enough 
to  store  the  necessary  256-byte  state  array  on-chip,  so  we  were  forced  to  store 
them  in  the  external  SRAM.  However,  the  algorithm  utilizes  the  SRAM  every  cycle, 
so  the  number  of  simultaneous  RC4  trials  we  can  compute  is  limited  by  the  num- 
ber of  ports  to  SRAM  that  we  have  available.  Unfortunately,  on  the  RIPP10  pro- 
gramming board,  not  only  is  the  SRAM  single-ported,  but  each  SRAM  is  shared  by 
two  logic  chips.  Thus  on  a  fully-populated  board  with  eight  logic  chips  and  four 
SRAMs,  we  can  only  perform  four  simultaneous  RC4  trials.  Redesigning  the  pro- 
gramming board  to  include  a  port  to  SRAM  for  each  simultaneous  RC4  trial  would 
save  some  overhead  (wasted  space  on  the  board),  but  would  not  increase  the  rela- 
tively poor  performance  to  cost  ratio  shown  above. 


10-22  Chapter  10:  Architectural  Considerations  for  Cryptanalytic  Hardware 

One  advantage  of  software  is  that  the  development  process  is  significantly  easier. 
By  reusing  code  (from  cryptographic  libraries  available  on  the  Internet,  for  exam- 
ple), we  prototyped  RC4,  A5,  CDMF,  and  DES  software  keysearch  applications  in  a 
total  time  of  under  an  hour.  In  contrast,  our  programmable  logic  design  and  imple- 
mentation effort  took  roughly  4  weeks  to  complete. 

Programmable  logic  has  similar  advantages  over  custom-hardware.  Development 
and  design  would  be  still  more  time-consuming  and  costly  for  a  custom-hardware 
approach,  such  as  an  ASIC.  Furthermore,  such  an  ASIC  can  only  be  used  for  one 
limited  algorithm.  Programmable  logic  is  more  flexible — the  hardware  devices  can 
be  reused  for  cryptanalysis  of  many  different  encryption  algorithms  with  little  extra 
effort.  Apparently  AccessData,  a  business  that  specializes  in  recovering  lost  data 
(i.e.  cryptanalysis)  for  the  corporate  and  law  enforcement  industries,  prefers  pro- 
grammable logic  over  custom  hardware  for  exactly  these  reasons  [28]. 

Let  us  summarize  what  the  charts  recommend  to  one  in  need  of  cryptanalytic  com- 
putational power.  RC4  keysearches  appear  to  be  most  efficiently  performed  in 
general-purpose  distributed  systems.  Performing  a  single  isolated  40-bit  CDMF 
keysearch  is  perhaps  best  done  with  distributed  software,  if  time  is  not  of  the 
essence  and  there  are  sufficient  general-purpose  computational  resources  easily 
available.  For  CDMF  and  A5  keysearch  in  anything  more  than  that  extremely  mini- 
mal setting,  though,  reconfigurable  logic  is  the  most  appropriate  solution  of  the 
technologies  that  we  examined.  Of  the  devices  we  surveyed,  the  Altera 
81500ARC240-4  device  is  the  most  appropriate  and  economical  choice  for  cryptan- 
alytic applications;  for  instance,  a  $15,000  initial  investment  buys  about  200  of 
these  chips,  allowing  one  to  perform  on  average  one  CDMF  keysearch  every  hour. 
The cost scales linearly, requiring approximately 10^8 dollar-seconds for a complete
CDMF keysearch; that is, an initial investment of X dollars allows one to search the
entire CDMF keyspace in 10^8/X seconds, while the average time to find a key is
half  that.  In  addition,  we  provisionally  estimate  that  about  $45,000  of  CPLD  hard- 
ware could  perform  a  DES  keysearch  in  a  year,  as  calculated  above.  Table  10-2 
summarizes  some  of  these  calculations.  It  takes  into  account  the  economies  of 
scale  associated  with  buying  many  logic  devices,  and  is  based  on  the  average-case 
(not  worst-case)  search  time;  the  worst-case  figure  would  be  twice  as  large.  No  fig- 
ures for  A5  are  included,  because  at  the  moment,  there  is  no  consensus  among 
cryptographers as to the size of the keyspace [26].

Table 10-2: Estimating the cost of cryptanalysis: a summary

            Investment for average keysearch time of
Algorithm   1 year    1 week   1 day   1 hour    Architecture components
---------   -------   ------   -----   -------   -----------------------------
RC4         $0        $0       -       -         100 general-purpose computers
CDMF        $0        $0       -       -         100 general-purpose computers
CDMF        $93       $93      $745    $15,000   Altera 81500ARC240-4 CPLDs
DES         $45,000   -        -       -         Altera 81500ARC240-4 CPLDs

Future  work 

Due  to  time  and  resource  limitations,  we  were  only  able  to  examine  the  Altera 
FLEX8000  series  of  programmable  logic  devices.  An  obvious  extension  of  this 
work  would  be  to  examine  other  kinds  of  devices,  such  as  the  new  Altera 
FLEX10K series, or devices from other vendors such as Xilinx. Additionally, it
would  be  worthwhile  to  examine  the  technology  trends  in  programmable  logic,  to 
determine  how  they  compare  to  those  for  general-purpose  hardware. 

We  leave  it  as  an  open  problem  to  the  reader  to  actually  construct  a  fully  opera- 
tional DES  keysearch  engine. 


Conclusions 

We  found  that  RC4  cryptanalysis  is  most  effectively  implemented  in  software.  Since 
RC4  was  specifically  designed  for  efficiency  on  general-purpose  computers,  it  is 
not  entirely  surprising  that  programmable  logic  fares  so  poorly.  We  showed  that 
the estimate in [4] (which inspired the term "8-cent encryption" for 40-bit RC4) is
over-optimistic  and  unrealistic.  On  the  other  hand,  Netscape's  $10,000  estimate 
was  far  too  large. 

Programmable  logic  devices  are  very  efficient  at  CDMF  cryptanalysis.  We  estimate 
that  an  initial  investment  of  $745  buys  enough  programmable  logic  to  recover  one 
CDMF  key  each  day;  this  shows  that  CDMF  is  practical  to  break.  Moreover,  DES  is 
nearly  practical  to  break;  a  cryptanalytic  engine  to  do  a  DES  keysearch  each  year 
can  be  built  with  roughly  $45,000  of  programmable  logic. 

Several  architectural  techniques  from  the  design  of  general-purpose  processors 
were  useful  in  this  project.  Adding  parallelism,  identifying  structural  and  data  haz- 
ards, identifying  performance  bottlenecks,  and  other  techniques  helped  maximize 
the  performance  of  our  design.  The  cryptanalytic  analogue  to  the  "CPU  time" 
equation  from  [20]  was  surprisingly  useful,  lending  structure  to  our  analysis. 

We  also  identified  several  important  aspects  found  only  with  cryptanalytic  applica- 
tions on  programmable  logic.  In  this  application,  superscalar  parallelism  is  more 
effective than pipelining. Also, register additions can often be a limiting bottleneck
for  programmable  logic — we  avoided  them  where  possible,  and  suffered  large 
performance  hits  elsewhere. 

By  considering  architectural  issues  both  common  to  general-purpose  processors 
and unique to programmable logic, we examined the feasibility of using commodity
logic devices for cryptanalytic applications.

Efficient DES Key Search — An Update

by  Michael  J.  Wiener 


An  exciting  moment  in  the  history  of  DES  was  reached  in  June  1997  when  a  group 
coordinated  by  Rocke  Verser  solved  RSA  Data  Security's  DES  challenge  by  exhaus- 
tive key  search  on  a  large  number  of  computers.  This  result  was  useful  because  it 
served  to  underscore  in  a  public  way  how  vulnerable  DES  has  become.  However, 
it  may  also  have  left  the  false  impression  that  one  cannot  do  much  better  than 
attacking  DES  in  software  with  a  large  distributed  effort.  The  design  of  DES  is  such 
that  it  is  fairly  slow  in  software,  but  is  compact  and  fast  when  implemented  in 
hardware.  As  a  result,  using  software  to  attack  DES  gives  poor  performance  com- 
pared to  what  can  be  achieved  in  hardware.  This  applies  not  only  to  DES,  but  also 
to  most  other  block  ciphers,  attacks  on  hash  functions,  and  attacks  on  elliptic 
curve cryptosystems. Avoiding efficient hardware-based attacks requires the use of
algorithms with sufficiently long keys, such as triple-DES, 128-bit RC5,* and
CAST-128.†

In  this  article  we  assess  the  cost  of  DES  key  search  using  hardware  methods  and 
examine  the  effectiveness  of  some  proposed  methods  for  thwarting  attacks  on 
DES. 


Michael  J.  Wiener,  Entrust  Technologies,  750  Heron  Road,  Suite  E08,  Ottawa,  Ontario,  Canada  K1V  1A7 

This  article  first  appeared  in  RSA  Laboratories'  Autumn  1997  Cryptobytes  newsletter;  it  is  reprinted  with 
permission  from  the  author  and  RSA  Data  Security,  Inc. 

*  R.  Rivest,  "The  RC5  Encryption  Algorithm",  Fast  Software  Encryption  —  Lecture  Notes  in  Computer 
Science  (1008),  pp.  86-96,  Springer,  1995. 

† C. Adams, "Constructing Symmetric Ciphers Using the CAST Design Procedure", Designs, Codes and
Cryptography, vol. 12, no. 3, pp. 283-316, Nov. 1997. Also available as "The CAST-128 Encryption
Algorithm", RFC 2144, May 1997.

The best known way to attack DES is to simply try all of the possible 56-bit keys
until  the  correct  key  is  found.  On  average,  one  expects  to  go  through  about  half  of 
the  key  space.  In  1993,  a  design  for  an  exhaustive  DES  key  search  machine  includ- 
ing a  detailed  chip  design  was  published.*  A  $1  million  version  of  this  machine 
used  57600  key  search  chips,  each  capable  of  testing  50  million  keys  per  second. 
Overall,  the  machine  could  find  a  DES  key  in,  on  average,  three  and  a  half  hours. 

About  four  and  a  half  years  have  passed  since  this  design  was  completed,  and 
according  to  Moore's  Law,  processing  speeds  should  have  doubled  three  times  in 
that  period.  Of  course,  estimating  in  this  fashion  is  a  poor  substitute  for  the  careful 
analysis  and  design  effort  that  went  into  the  earlier  design.  The  original  chip 
design  was  done  in  a  0.8  micron  CMOS  process,  and  with  the  geometries  available 
today,  it  is  possible  to  fit  four  instances  of  the  original  design  into  the  same  silicon 
area.  In  keeping  with  the  conservative  approach  to  estimates  in  the  1993  paper, 
we  assume  here  that  the  updated  key  search  chip's  clock  speed  would  increase  to 
only  75  MHz  from  the  original  50  MHz,  making  the  modern  version  of  the  chip  six 
times  faster  for  the  same  cost.  It  is  interesting  to  note  that  just  21  of  these  chips 
would  give  the  same  key  searching  power  as  the  entire  set  of  computers  used  by 
the  team  who  solved  the  DES  challenge. 

Today's  version  of  the  $1  million  machine  could  find  a  DES  key  in,  on  average, 
about  35  minutes  (one-sixth  of  3.5  hours).  This  time  scales  linearly  with  the 
amount  of  money  spent  as  shown  in  the  following  table. 


Key Search Machine Cost   Expected Search Time
-----------------------   --------------------
$10,000                   2.5 days
$100,000                  6 hours
$1,000,000                35 minutes
$10,000,000               3.5 minutes

Note  that  the  costs  listed  in  the  table  do  not  include  the  cost  to  design  the  chip 
and  boards  for  the  machine.  Because  the  one-time  costs  could  be  as  high  as  half  a 
million  dollars,  it  does  not  make  much  sense  to  build  the  cheaper  versions  of  the 
machine,  unless  several  are  built  for  different  customers. 

This key search engine is designed to recover a DES key given a plaintext-ciphertext
pair for the standard electronic-codebook (ECB) mode of DES. However, the
machine can also handle the following modes without modification: cipher-block
chaining (CBC), 64-bit cipher feedback (CFB), and 64-bit output feedback (OFB).
In the case of OFB, two consecutive plaintexts are needed. The chip design can
be modified to handle two other popular modes of DES, 1-bit and 8-bit CFB, at the
cost of a slightly more expensive chip. Fewer chips could be purchased for a $1
million machine causing the expected key search time to go up to 40 minutes for
all modes, except 1-bit CFB, which would take 80 minutes, on average.

* M. Wiener, "Efficient DES Key Search", presented at the Rump session of Crypto '93. Reprinted in
Practical Cryptography for Data Internetworks, W. Stallings, editor, IEEE Computer Society Press, pp.
31-79 (1996). Currently available at ftp://ripem.msu.edu/pub/crypt/docs/des-key-search.ps.

The costs associated with chip design can present a significant barrier to small-time
attackers and hobbyists. An alternative which has much lower start-up costs is
the  use  of  programmable  hardware.  One  such  type  of  technology  is  the  Field  Pro- 
grammable Gate  Array  (FPGA).  One  can  design  a  circuit  on  a  PC  and  download  it 
to  a  board  holding  FPGAs  for  execution.  In  a  report  in  early  1996,*  it  was  esti- 
mated that  $50000  worth  of  FPGAs  could  recover  a  DES  key  in,  on  average,  four 
months.  This  is  considerably  slower  than  what  can  be  achieved  with  a  chip  design, 
but  is  much  more  accessible  to  those  who  are  not  well  funded. 

Another  promising  form  of  programmable  hardware  is  the  Complex  Programmable 
Logic  Device  (CPLD).  CPLDs  offer  less  design  freedom  and  tend  to  be  cheaper 
than  FPGAs,  but  the  nature  of  key  search  designs  seems  to  make  them  suitable  for 
CPLDs.  Further  research  is  needed  to  assess  whether  CPLDs  are  useful  for  DES  key 
search. 

Avoiding  Known  Plaintext 

The  designs  described  to  this  point  have  relied  on  the  attacker  having  some 
known  plaintext.  Usually,  a  single  8-byte  block  is  sufficient.  One  method  of  pre- 
venting attacks  that  has  been  suggested  is  to  avoid  having  any  known  plaintext. 
This  can  be  quite  difficult  to  achieve.  Frequently,  data  begins  with  fixed  headers. 
For  example,  each  version  of  Microsoft  Word  seems  to  have  a  fixed  string  of  bytes 
that  each  file  begins  with. 

For  those  cases  where  a  full  block  of  known  plaintext  is  not  available,  it  is  possi- 
ble to  adapt  the  key  search  design.  Suppose  that  information  about  plaintext  is 
available  (e.g.,  ASCII  character  coding  is  used),  but  no  full  block  is  known.  Then 
instead  of  repeatedly  encrypting  a  known  plaintext  and  comparing  the  result  to  a 
ciphertext,  we  repeatedly  decrypt  the  ciphertext  and  test  the  candidate  plaintexts 
against  our  expectations.  In  the  example  where  we  expect  7-bit  ASCII  plaintext, 
only about 1 in 256 keys will give a plaintext which has the correct form. These
keys would have to be tried on another ciphertext block. The added logic to handle
this would add just 10 to 20% to the cost of a key search chip.

* M. Blaze, W. Diffie, R. Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener, "Minimal Key
Lengths for Symmetric Ciphers to Provide Adequate Commercial Security", currently available at
http://www.bsa.org/policy/encryption/cryptographers.html.

Even  if  we  only  know  a  single  bit  of  redundancy  in  each  block  of  plaintext,  this  is 
enough  to  cut  the  number  of  possible  keys  in  half.  About  56  such  blocks  are 
needed  to  uniquely  identify  the  correct  key.  This  does  not  mean  that  the  run-time 
is  56  times  greater  than  the  known-plaintext  case.  On  average,  each  key  is  elimi- 
nated with  just  two  decryptions.  Taking  into  account  the  cost  of  the  added  logic 
required  makes  the  expected  run-time  for  a  $1  million  machine  about  2  hours  in 
this  case. 
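
The decrypt-and-test search described in this section, as an added example (not code from the article): a toy 64-bit Feistel cipher built on SHA-256 with a 14-bit key stands in for DES so that the whole keyspace can be swept in about a second. The cipher, key, message and function names are constructed for illustration; the pass probabilities (1/256 for 7-bit ASCII, 1/2 for a single known bit) and the 56-bit figures are the ones given in the text.

```python
import hashlib
import math

KEY_BITS = 14   # toy keyspace (2**14 keys); assumption made so the sweep is fast
ROUNDS = 4

def _round(key, rnd, half):
    """Feistel round function: 4 bytes derived from key, round number and half-block."""
    return hashlib.sha256(key.to_bytes(2, "big") + bytes([rnd]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right

def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right

def is_7bit_ascii(block):
    """All eight high bits clear; a random block passes with probability 1/256."""
    return all(b < 0x80 for b in block)

def first_high_bit_clear(block):
    """One bit of redundancy; a random block passes with probability 1/2."""
    return block[0] < 0x80

def filter_search(cipher_blocks, plausible):
    """Decrypt under every candidate key, keep keys whose output looks plausible,
    and retry the survivors on the next block. Hardware would go key by key
    rather than block by block; the number of decryptions is the same.
    Returns (surviving keys, survivor count after each block, total decryptions)."""
    candidates = range(2 ** KEY_BITS)
    history, decryptions = [], 0
    for block in cipher_blocks:
        survivors = []
        for key in candidates:
            decryptions += 1
            if plausible(decrypt_block(key, block)):
                survivors.append(key)
        candidates = survivors
        history.append(len(survivors))
        if len(survivors) <= 1:
            break
    return list(candidates), history, decryptions

def blocks_to_isolate(key_bits, pass_prob):
    """Blocks needed before fewer than one wrong key is expected to survive."""
    return math.ceil(key_bits / -math.log2(pass_prob))

def decryptions_per_wrong_key(pass_prob):
    """Sum of the geometric series 1 + p + p^2 + ... for pass probability p."""
    return 1 / (1 - pass_prob)

# Constructed sample data: 40 distinct 8-byte ASCII blocks under a constructed key.
SECRET_KEY = 0x2A5D
MESSAGE = b"".join(b"blk%05d" % i for i in range(40))
CIPHERTEXT = [encrypt_block(SECRET_KEY, MESSAGE[i:i + 8]) for i in range(0, len(MESSAGE), 8)]

if __name__ == "__main__":
    for name, test, p in (("7-bit ASCII", is_7bit_ascii, 1 / 256),
                          ("single bit", first_high_bit_clear, 1 / 2)):
        keys, history, n = filter_search(CIPHERTEXT, test)
        print(f"{name}: key found {keys == [SECRET_KEY]}, survivors per block {history}")
        print(f"  decryptions per key: measured {n / 2 ** KEY_BITS:.3f}, "
              f"model {decryptions_per_wrong_key(p):.3f}")
        print(f"  blocks needed at 56 bits: {blocks_to_isolate(56, p)}")
```

The measured decryptions per key come out near 1.004 for the ASCII test and near 2 for the single-bit test, which is why hiding known plaintext costs the searcher so little.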

Frequent  Key  Changes 

A  commonly  suggested  way  to  avoid  key  search  attacks  is  to  change  the  DES  key 
frequently.  The  assumption  here  is  that  the  encrypted  information  is  no  longer 
useful  after  the  key  is  changed,  which  is  often  an  inappropriate  assumption.  If  it 
takes  35  minutes  to  find  a  DES  key,  why  not  change  keys  every  5  minutes?  The 
problem  with  this  reasoning  is  that  it  does  not  take  exactly  35  minutes  to  find  a 
key.  The  actual  time  is  uniformly  distributed  between  0  and  70  minutes.  We  could 
get  lucky  and  find  the  key  almost  right  away,  or  we  could  be  unlucky  and  take 
nearly  70  minutes.  The  attacker's  probability  of  success  in  the  5-minute  window  is 
5/70  =  1/14.  If  after  each  key  change  the  attacker  gives  up  and  starts  on  the  next 
key,  we  expect  success  after  14  key  changes  or  70  minutes.  In  general,  frequent 
key  changes  cost  the  attacker  just  a  factor  of  two  in  expected  run-time,  and  are  a 
poor  substitute  for  simply  using  a  strong  encryption  algorithm  with  longer  keys. 
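
The arithmetic behind this argument, as an added example (not code from the article): it computes the exact expectation for any key-change interval and checks it by simulation. The function names, seed and list of intervals are constructed for illustration; the 70-minute sweep and 5-minute interval are the text's figures. Counting whole 5-minute windows gives the text's 70 minutes, while crediting the partly used final window gives 67.5, still about twice the 35-minute average.

```python
import random
from fractions import Fraction

def success_probability(sweep, interval):
    """Chance the key turns up before the next key change; the key's position
    within a full sweep of `sweep` minutes is uniform."""
    return min(Fraction(1), Fraction(interval) / Fraction(sweep))

def expected_key_changes(sweep, interval):
    """Mean number of keys attacked (a geometric distribution) until one falls."""
    return 1 / success_probability(sweep, interval)

def expected_minutes(sweep, interval):
    """Exact expected time to the first recovered key when the search restarts
    at every key change. The winning window is only partly used, so the result
    is sweep - interval/2, slightly under the whole-window count."""
    sweep, interval = Fraction(sweep), Fraction(interval)
    if interval >= sweep:            # rotation slower than a full sweep: no effect
        return sweep / 2
    wasted = (expected_key_changes(sweep, interval) - 1) * interval
    return wasted + interval / 2

def simulate(sweep, interval, trials=50_000, seed=1998):
    """Monte Carlo check of expected_minutes."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        elapsed = 0.0
        while True:
            hit = rng.uniform(0, sweep)      # when this key would be reached
            if hit < interval:
                total += elapsed + hit
                break
            elapsed += interval              # key changed first; start over
    return total / trials

if __name__ == "__main__":
    SWEEP = 70                               # minutes for a full sweep (from the text)
    baseline = Fraction(SWEEP, 2)
    print(f"no key changes: {float(baseline):.1f} min on average")
    for interval in (1, 5, 10, 35, 70):
        exact = expected_minutes(SWEEP, interval)
        print(f"change every {interval:>2} min: "
              f"p={float(success_probability(SWEEP, interval)):.3f} "
              f"keys={float(expected_key_changes(SWEEP, interval)):.1f} "
              f"exact={float(exact):.1f} min "
              f"simulated={simulate(SWEEP, interval, 20_000):.1f} min "
              f"slowdown x{float(exact / baseline):.2f}")
```

However short the interval, the slowdown never reaches a factor of two, which is the text's case for longer keys over faster rotation.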

Conclusion 

Using  current  technology,  a  DES  key  can  be  recovered  with  a  custom-designed  $1 
million  machine  in  just  35  minutes.  For  attackers  who  lack  the  resources  to  design 
a  chip  and  build  such  a  machine,  there  are  programmable  forms  of  hardware  such 
as  FPGAs  and  CPLDs  which  can  search  the  DES  key  space  much  faster  than  is  pos- 
sible using  software  on  PCs  and  workstations.  Attempts  to  thwart  key  search 
attacks  by  avoiding  known  plaintext  and  changing  keys  frequently  are  largely  inef- 
fective. The  best  course  of  action  is  to  use  a  strong  encryption  algorithm  with 
longer  keys,  such  as  triple-DES,  128-bit  RC5,  or  CAST-128. 

The Electronic Frontier Foundation (EFF) is a nonprofit public-interest organization
protecting  rights  and  promoting  liberty  online.  It  was  founded  in  1990  by  Mitchell 
Kapor,  John  Perry  Barlow,  and  John  Gilmore. 

The  Foundation  seeks  to  educate  individuals,  organizations,  companies,  and  gov- 
ernments about  the  issues  that  arise  when  computer  and  communications  tech- 
nologies change  the  world  out  from  under  the  existing  legal  and  social  matrix. 

The  Foundation  has  been  working  on  cryptography  policy  for  many  years.  It  was 
a significant force in preventing the adoption of the "Clipper chip" and its follow-
on  "key  escrow"  proposals,  and  continues  to  advocate  for  wide  public  availability 
and  use  of  uncompromised  and  unbreakable  encryption  technology.  EFF  is  back- 
ing the  lawsuit  in  which  Professor  Daniel  Bernstein  seeks  to  overturn  the  United 
States  export  laws  and  regulations  on  cryptography,  arguing  that  the  First  Amend- 
ment to  the  US  Constitution  protects  his  right  to  publish  his  cryptography  research 
results  online  without  first  seeking  government  permission.  EFF's  research  effort  in 
creating  this  first  publicly  announced  DES  Cracker,  and  the  publication  of  its  full 
technical  details,  are  part  of  EFF's  ongoing  campaign  to  understand,  and  educate 
the public about, the social and technical implications of cryptographic technology.

EFF encourages you to join us in exploring how our society can best respond to
today's rapid technological change. Please become an EFF member; see
http://www.eff.org/join/.

John Gilmore is an entrepreneur and civil libertarian. He was an early employee of
Sun  Microsystems,  and  co-founded  Cygnus  Solutions,  the  Electronic  Frontier  Foun- 
dation, the  Cypherpunks,  and  the  Internet's  "alt"  newsgroups.  He  has  twenty-five 
years  of  experience  in  the  computer  industry,  including  programming,  hardware 
and  software  design,  and  management.  He  is  a  significant  contributor  to  the 
worldwide  open  sourceware  (free  software)  development  effort.  His  advocacy 
efforts  on  encryption  policy  aim  to  improve  public  understanding  of  this  funda- 
mental technology  for  privacy  and  accountability  in  open  societies.  He  is  currently 
a  board  member  of  Moniker  pty  ltd,  the  Internet  Society,  and  the  Electronic  Fron- 
tier Foundation. 

John  leads  the  EFF's  efforts  on  cryptography  policy,  managed  the  creation  of  the 
DES  cracker,  and  wrote  much  of  the  text  in  this  book. 

John can be reached at the email address gnu@des.toad.com; his home page is
http://www.cygnus.com/~gnu/.

Cryptography Research
San Francisco, CA 94102 USA

+1 415 397 0123 (voice)
http://www.cryptography.com

Cryptography  Research  is  Paul  Kocher's  San  Francisco-based  consulting  company. 
Cryptography  Research  provides  consulting,  design,  education,  and  analysis  ser- 
vices to  many  leading  firms  and  start-ups.  Kocher  and  the  company  are  widely 
known  for  their  technical  work  and  research,  including  the  development  of  lead- 
ing cryptographic  protocols  (such  as  SSL  3.0),  cryptanalytic  work  (including  the 
discovery  of  timing  attacks  against  RSA  and  other  cryptosystems),  and  numerous 
presentations  at  major  conferences.  To  reach  Cryptography  Research  please  write 
to  info@cryptography.com. 

Cryptography Research managed the hardware and software design for the DES
cracker,  and  wrote  the  chip  simulator  and  the  driver  software. 

Paul  Kocher,  Josh  Jaffe,  and  everyone  else  at  Cryptography  Research  would  like  to 
thank  John  Gilmore  and  the  EFF  for  funding  this  unique  project,  and  AWT  for  their 
expert  hardware  work! 

Paul  Kocher 

Paul  Kocher  is  a  cryptographer  specializing  in  the  practical  art  of  building  secure 
systems  using  cryptography.  He  currently  serves  jointly  as  President  of  Cryptogra- 
phy Research  (http://www.cryptography.com)  and  Chief  Scientist  of  ValiCert 
(http://www.valicert.com).  Paul  has  worked  on  numerous  software  and  hardware 
projects and has designed, implemented, and broken many cryptosystems. Paul
can  be  reached  via  e-mail  at  paul@cryptography.com. 

Santa Clara, CA 95054 USA

+1 408 727 5780 (voice)

+1 408 727 8842 (fax)

http://www.awti.com

Advanced  Wireless  Technologies,  Inc.  (AWT)  is  dedicated  to  providing  Applica- 
tion-Specific Integrated  Circuit  (ASIC)  and  board  level  design  solutions  for  high 
tech  industries  at  highest  quality  and  lowest  cost.  AWT's  design  philosophy  is  to 
reduce  product  development  cost/risk  and  recurring  cost.  AWT  employs  a  thor- 
ough design  flow  from  system  architecture  to  system  integration  and  test. 

AWT  was  founded  in  1993.  Its  engineering  team  is  composed  of  a  highly  qualified, 
tenured  employee  base,  including  technical  management  staff.  The  employees  are 
knowledgeable,  motivated,  highly  competent,  and  have  from  3  to  25  years  of 
experience  in  system  engineering,  chip  design,  and  complete  subsystem  design. 

AWT  offers  digital  ASIC/Gate  Array  and  Board  design  services  to  support  cus- 
tomers' specific  requirements.  The  company  can  participate  in  any  development 
phase  from  specifications  definition  to  design  implementation  and  prototype  test- 
ing. 

In  addition  to  providing  engineering  services  AWT  has  developed  leading  products 
for  use  in  the  communications  industry.  AWT's  standard  products  include  IP  Cores, 
ASICs, and board level products in the fields of demodulation, forward error
correction, and encryption/decryption.

AWT  designed  and  built  the  hardware  for  the  DES  Cracker,  including  the  custom 
ASIC,  logic  boards,  and  interface  adapters.  If  you're  interested  in  purchasing  a  DES 
Cracker  unit,  contact  AWT. 

AWT invites you to visit at http://www.awti.com or call +1 408 727 5780 for
your  specific  engineering  needs. 

Computer Security


Secrets  of  Encryption  Research,  Wiretap  Politics  &  Chip  Design 

Sometimes  you  have  to  do  good  engineering  to  straighten  out  twisted  politics.  The 
Electronic  Frontier  Foundation  has  done  so  by  exploding  the  government-supported 
myth  that  the  Data  Encryption  Standard  (DES)  has  real  security. 

National  Security  Agency  and  FBI  officials  say  our  civil  liberties  must  be  curtailed 
because  the  government  can't  crack  the  security  of  DES  to  wiretap  bad  guys.  But  some- 
how a  tiny  nonprofit  has  designed  and  built  a  $200,000  machine  that  cracks  DES  in  a 
week.  Who's  lying,  and  why? 

For  the  first  time,  the  book  reveals  full  technical  details  on  how  researchers  and  data- 
recovery  engineers  can  build  a  working  DES  Cracker.  It  includes  design  specifications 
and  board  schematics,  as  well  as  full  source  code  for  the  custom  chip,  a  chip  simula- 
tor, and  the  software  that  drives  the  system.  The  US  government  makes  it  illegal  to  pub- 
lish these  details  on  the  Web,  but  they're  printed  here  in  a  form  that's  easy  to  read  and 
understand,  legal  to  publish,  and  convenient  for  scanning  into  your  computer. 

The  Data  Encryption  Standard  withstood  the  test  of  time  for  twenty  years.  This  book 
shows  exactly  how  it  was  brought  down.  Every  cryptographer,  security  designer,  and 
student  of  cryptography  policy  should  read  this  book  to  understand  how  the  world 
changed  as  it  fell. 

"Beautifully  milks  many  sacred  cows  of  their  crypto  policy  EFF  exposes  more  of  the 
emperor's  new  clothes,  reaching  new  levels  of  truth." 

— Peter  Neumann,  Moderator  of  the  Risks  Forum 

"A  very  impressive  piece  of  work.  This  book  will  change  the  history  of  cryptography." 

— Steve Bellovin, co-author of Firewalls and Internet Security

"If the government was honest, the crypto debate would be over by now. EFF's research
conclusively  refutes  their  propaganda." 

— Bruce  Schneier,  President  of  Counterpane  Systems 